Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iSafeAV' = '"<Полный путь к вирусу>"'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[6].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sync[3].php
- 'is####ntivirus.com':80
- 'is####ntvirus.com':80
- 'is####antivirus.com':80
- 'is#####tiviruspro.com':80
- 'is####ntivir.com':80
- is####ntivirus.com/sync.php
- is####ntvirus.com/sync.php
- is####antivirus.com/sync.php
- is#####tiviruspro.com/sync.php
- is####ntivir.com/sync.php
- DNS ASK is####ntivirus.com
- DNS ASK is####ntvirus.com
- DNS ASK is####antivirus.com
- DNS ASK is#####tiviruspro.com
- DNS ASK is####ntivir.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'
- ClassName: 'ThunderRT6FormDC' WindowName: ''