Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QuickTime Schedule' = '<Полный путь к вирусу>'
- %TEMP%\16-05-2012.htt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\assunto[1].jpg
- %TEMP%\16-05-2012.ass
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\html[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mailform[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ver[1].jpg
- %TEMP%\16-05-2012.upd
- %TEMP%\16-05-2012.ass
- %TEMP%\16-05-2012.htt
- %TEMP%\16-05-2012.upd
- '12#.#17.249.150':80
- 'localhost':1036
- 12#.#17.249.150/assunto.jpg
- 12#.#17.249.150/html.jpg
- 12#.#17.249.150/ver.jpg
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''