Техническая информация
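- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\Common.exe' (параметр 'load' этого ключа задаёт программу, запускаемую при входе пользователя в систему, т. е. обеспечивает автозапуск)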
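- [<HKLM>\SYSTEM\ControlSet001\Services\Audio Control] 'Start' = '00000001' (запись службы 'Audio Control'; значение Start = 1 соответствует типу запуска «System» — загрузке при инициализации системы)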
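- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess (остановка службы SharedAccess — общего доступа к подключению к Интернету (ICS); в Windows XP эта же служба обеспечивает работу брандмауэра Windows. net.exe передаёт выполнение net1.exe, поэтому обе строки, вероятно, относятся к одной команде)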
- <SYSTEM32>\ipconfig.exe
- <Полный путь к вирусу>
- <SYSTEM32>\Audio.sys
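- 'ma#.#8bxg.com':80 (символы «#» в имени узла, по-видимому, заменяют скрытые символы: в таком виде имя не является допустимым доменным и не годится как индикатор для точного сопоставления)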
- ma#.#8bxg.com/20110415.jpg
- DNS ASK ma#.#8bxg.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''