Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserFaultCheck' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Btmchk' = '{B51EEDA0-8EE3-4333-88C8-943EB2DE1163}'
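- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\evl] 'Name' = '%TEMP%\Adobe\AdobeRdrPlug.dll' (библиотека из %TEMP% зарегистрирована как провайдер печати; такие DLL загружает диспетчер печати spoolsv.exe, поэтому при проверке системы стоит просмотреть подразделы Print\Providers на предмет путей вне <SYSTEM32>)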
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20120516-203131-00.mdmp
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20120516-203131-00.hdmp
- C:\spoolerlogs\spooler.xml
- %TEMP%\Adobe\AdobeRdrPlug.dll
- %CommonProgramFiles%\winafx.log
- из <Полный путь к вирусу> в <Текущая директория>\err.log
- 'my###ads.com':80
- my###ads.com/gold/xgate.php
- DNS ASK my###ads.com
- ClassName: '' WindowName: 'Spooler SubSystem App'