Техническая информация
- [<HKLM>\SOFTWARE\Classes\nb\shell\open\command] '' = '"<Полный путь к вирусу>" "%1"'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Config[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].asp
- 'de####.woodcoal.cn':80
- 'go.##odcoal.cn':80
- 'localhost':1035
- de####.woodcoal.cn/DownBook/Config.htm
- go.##odcoal.cn/index.asp?1
- DNS ASK de####.woodcoal.cn
- DNS ASK go.##odcoal.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''