Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'eadden' = '%PROGRAM_FILES%\Addendum\admrup.exe' (ключ автозапуска: указанный файл запускается при входе в систему любого пользователя)
- %PROGRAM_FILES%\Addendum\admrup.exe <Полный путь к вирусу>
- %PROGRAM_FILES%\Addendum\admrup.exe (загружен из сети Интернет)
- %PROGRAM_FILES%\Addendum\iesm_nm.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\iesm_nm[1].dll
- %PROGRAM_FILES%\Addendum\iesb_nm.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst_ok[1].asp
- %TEMP%\nsh2.tmp\nsRandom.dll
- %PROGRAM_FILES%\Addendum\uninstall.exe
- %PROGRAM_FILES%\Addendum\admrup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\admrup[1].exe
- %TEMP%\nsh2.tmp\InetLoad.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\iesb_nm[1].dll
- %PROGRAM_FILES%\Addendum\admmgr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\admmgr[1].exe
- %TEMP%\nsh2.tmp\nsRandom.dll
- %TEMP%\nsh2.tmp\InetLoad.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst_ok[1].asp
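- 'ap##.#smon.co.kr':80 (порт 80; символы «#» здесь и в адресах ниже, по-видимому, заменяют скрытые символы, поэтому для точного сопоставления эти значения не подходят)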
- ap##.#smon.co.kr/fileaddn/iesm_nm.dll
- ap##.#smon.co.kr/app/inst_ok.asp?ui################################################
- ap##.#smon.co.kr/fileaddn/iesb_nm.dll
- ap##.#smon.co.kr/fileaddn/admrup.exe
- ap##.#smon.co.kr/fileaddn/admmgr.exe
- DNS-запрос (DNS ASK): ap##.#smon.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''