Техническая информация
Изменения в реестре (автозапуск через ключ Run текущего пользователя; имена файлов похожи на системные, но сами файлы лежат в профиле пользователя и в %TEMP%):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsApplication1' = 'C:\Users\%USERNAME%\AppData\Roaming\winlogin.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windows_update.exe' = '%TEMP%\windows_update.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsApplication1' = '<Полный путь к вирусу>'
Файлы, связанные с образцом (повторы — как в исходном списке):
- 'C:\Users\%USERNAME%\AppData\Roaming\winlogin.exe'
- %TEMP%\windows_update.exe
- C:\Users\%USERNAME%\AppData\Roaming\winlogin.exe
- %TEMP%\windows_update.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
Сетевая активность (имя узла приведено в замаскированном виде, как в источнике):
- 'el#.###del.broeders.be':80
- 'localhost':1041
- 'localhost':1039
- URL: el#.###del.broeders.be/login/index.php
- DNS ASK el#.###del.broeders.be
Окна, упомянутые в отчёте (класс и заголовок; Shell_TrayWnd — стандартный класс панели задач Windows, поэтому сам по себе не является индикатором):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''