Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ViRsLab' = '"<Полный путь к вирусу>"'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sync[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sync[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sync[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sync[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sync[2].php
- 'vi###b2009.com':80
- 'vi####esplab.com':80
- 'vi####response.com':80
- 'vi#####sponse2009.com':80
- 'vi####labs2009.com':80
- vi###b2009.com/sync.php
- vi####esplab.com/sync.php
- vi####response.com/sync.php
- vi#####sponse2009.com/sync.php
- vi####labs2009.com/sync.php
- DNS ASK vi####response.com
- DNS ASK vi###b2009.com
- DNS ASK vi####esplab.com
- DNS ASK vi#####sponse2009.com
- DNS ASK vi####labs2009.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'
- ClassName: 'ThunderRT6FormDC' WindowName: ''