Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Diagnostic Manager' = '<Full path to the virus>'
- hidden files
- file extensions
- Registry Editor (RegEdit)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %TEMP%\wininit_dbff.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ss[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ss[1].php
- %TEMP%\wininit_dbff.tmp
- 'th##ay.info':80
- th##ay.info/ff/ss.php?ve########################
- DNS ASK th##ay.info
- ClassName: 'zimbabo_rulit' WindowName: 'ugagagaga_hapulotos'
- ClassName: 'loto82' WindowName: 'Systems'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'jks387sfij3d' WindowName: 'qw3qr98fjiokmgf0'
- ClassName: 'clk_gfjk' WindowName: 'clk_jdfhid'
- ClassName: 'kf8wjoknfd' WindowName: 'wui3h83whjndf7'