Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\SecurityProviders] 'SecurityProviders' = 'msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll'
- [<HKLM>\SYSTEM\ControlSet001\Control\SecurityProviders] 'SecurityProviders' = 'msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll'
- iexplore.exe
- %WINDIR%\inf\ultra.inf
- <SYSTEM32>\ultra\ultra.inf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\incc[1].pl
- <SYSTEM32>\ultra\uninstall.bat
- %APPDATA%\2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\incc[1].pl
- <SYSTEM32>\xlibgfl254.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\incc[1].pl
- %APPDATA%\2.exe
- from <Full path to virus> to <SYSTEM32>\<Virus name>.exe
- 'di##t.org':80
- 'localhost':1036
- di##t.org/cgi-bin/ld/incc.pl?hi####################################################################################
- di##t.org/cgi-bin/ld/incc.pl?hi##################
- DNS ASK di##t.org