Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WPlugin' = '%HOMEPATH%\AppData\Roaming\WPlugin.exe' (параметр автозапуска: запись в ветке HKLM действует для всех пользователей системы)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WPlugin' = '<Полный путь к вирусу>' (параметр автозапуска: запись в ветке HKCU действует только для текущего пользователя)
- %HOMEPATH%\AppData\Roaming\arrow1.cur
- %HOMEPATH%\AppData\Roaming\semtitulo.cur
- %HOMEPATH%\AppData\Roaming\link1.cur
- %HOMEPATH%\AppData\Roaming\select1.cur
- %HOMEPATH%\AppData\Roaming\WPlugin.exe
- %HOMEPATH%\AppData\Roaming\WinPlugin\WinPlugin.exe
- %HOMEPATH%\AppData\Roaming\WinPlugin\WPlugin.exe
- %HOMEPATH%\AppData\Roaming\WinPlugin2\WPlugin.exe
- %HOMEPATH%\AppData\Roaming\WinPlugin2\WinPlugin.exe
- 'any':6670
- 'ci######ravilhosa.ddns.net':6670
- 'ns####.dynamic-dns.net':6670
- 'me###.net.br':80
- 'www.qu####uip.com.br':80
- 'www.be###our.com.br':80
- http://www.qu####uip.com.br/
- http://me###.net.br/
- http://www.be###our.com.br/components/com_search/views/search/tmpl/form2.php
- DNS ASK ci######ravilhosa.ddns.net
- DNS ASK ns####.dynamic-dns.net
- DNS ASK www.be###our.com.br
- DNS ASK me###.net.br
- DNS ASK www.qu####uip.com.br
- ClassName: 'Indicator' WindowName: ''