Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'VDoc' = '"%TEMP%\<Имя вируса>.exe" /cs:0 '
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ActivatedSetupReleaseXP[1].cab
- %TEMP%\del.bat
- %TEMP%\SetupRelease.cab
- %TEMP%\<Имя вируса>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ActivatedSetupReleaseXP[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ActivatedSetupReleaseXP[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ActivatedSetupReleaseXP[1].cab
- 'so#####es-discount.com':80
- so#####es-discount.com/update/ActivatedSetupReleaseXP.cab
- DNS ASK so#####es-discount.com
- ClassName: 'Shell_TrayWnd' WindowName: ''