Техническая информация
- Автозапуск (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nmadn' = '%PROGRAM_FILES%\Addendum\adnfm.exe'
- %PROGRAM_FILES%\Addendum\adnfm.exe <Полный путь к вирусу>
- %PROGRAM_FILES%\Addendum\adnfm.exe (загружен из сети Интернет)
- %PROGRAM_FILES%\Addendum\adnim.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\adnim[1].dll
- %PROGRAM_FILES%\Addendum\adnib.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst_ok[1].asp
- %TEMP%\nsk2.tmp\nsRandom.dll
- %PROGRAM_FILES%\Addendum\uninst.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\adnib[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adnfm[1].exe
- %TEMP%\nsk2.tmp\InetLoad.dll
- %TEMP%\nsk2.tmp\version.dll
- %PROGRAM_FILES%\Addendum\adnsvc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\adnsvc[1].exe
- %PROGRAM_FILES%\Addendum\adnfm.exe
- %TEMP%\nsk2.tmp\nsRandom.dll
- %TEMP%\nsk2.tmp\version.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst_ok[1].asp
- %TEMP%\nsk2.tmp\InetLoad.dll
- Узел и порт: 'ap##.#smon.co.kr':80 (символы «#» заменяют скрытую часть имени узла)
- ap##.#smon.co.kr/filenmadn/adnim.dll
- ap##.#smon.co.kr/app/inst_ok.asp?ui################################################
- ap##.#smon.co.kr/filenmadn/adnib.dll
- ap##.#smon.co.kr/filenmadn/adnfm.exe
- ap##.#smon.co.kr/filenmadn/adnsvc.exe
- DNS-запрос (DNS ASK): ap##.#smon.co.kr
- ClassName: 'Shell_TrayWnd' (класс окна панели задач Windows), WindowName: ''