Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] 'Exec' = '"%PROGRAM_FILES%\Internet Explorer\iexplore.exe"http://www.1314la.net'
- <SYSTEM32>\taskkill.exe /f /im <Имя вируса>.exe
- <SYSTEM32>\cmd.exe /c main.bat
- <Текущая директория>\main.bat
- %HOMEPATH%\Favorites\1314la.lnk
- 'hi.##idu.com':80
- 'localhost':1037
- hi.##idu.com/zhou_gege
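- DNS ASK www.13##la.net (символы «##» скрывают часть имени домена; по-видимому, это тот же www.1314la.net, что указан в значении 'Exec' ключа реестра выше)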
- DNS ASK hi.##idu.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''