Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'EF Recovery Support Tools' = '"<LS_APPDATA>\EF Recovery\Support Tools\EF Recovery Support Tools.exe" /s'
- <LS_APPDATA>\EF Recovery\Support Tools\EF Recovery Support Tools.update
- %TEMP%\EF Recovery Support Tools.log
- <LS_APPDATA>\EF Recovery\Support Tools\EF Recovery Support Tools.update
- from <Full path to virus> to <LS_APPDATA>\EF Recovery\Support Tools\EF Recovery Support Tools.exe
- 'www.ge###tool.com':80
- 'www.ec##hem.com':80
- 'wp#d':80
- www.ge###tool.com/
- www.ec##hem.com/downloads/liveupdate/EF%20Recovery%20Support%20Tools.exe
- wp#d/wpad.dat
- www.ec##hem.com/downloads/liveupdate/check.aspx?ap###########################################
- DNS ASK www.ge###tool.com
- DNS ASK www.ec##hem.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''