Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<SYSTEM32>\<Имя вируса>.exe'
- Файл в папке автозагрузки, общей для всех пользователей: %ALLUSERSPROFILE%\Start Menu\Programs\Startup\<Имя вируса>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\httplinkemail[1].txt
- <SYSTEM32>\urlmsnlink.dat
- <SYSTEM32>\urlemaillink.dat
- <SYSTEM32>\updatelinkemail\121218\urlemaillink-121218.dat
- %WINDIR%\1taugo
- <SYSTEM32>\<Имя вируса>.exe
- <SYSTEM32>\updatelinkmsn\121215\urlmsnlink-121215.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\httplinkmns[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\httplinkmns[1].txt
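Сетевые соединения (узел:порт; часть символов в именах узлов скрыта знаками #):
- 'fl#######ssandra.fateback.com':80
- 'sm##.##il.yahoo.com.br':25 (порт 25 — SMTP, отправка почты)
- 'www.so####delphi.net':80
- 'localhost':1037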
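Адреса (URL) на тех же узлах; имена первых двух файлов совпадают с httplinkemail[1].txt и httplinkmns[1].txt из кэша Internet Explorer:
- fl#######ssandra.fateback.com/httplinkemail.txt
- fl#######ssandra.fateback.com/httplinkmns.txt
- www.so####delphi.net/enviador.php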
DNS-запросы (DNS ASK) к тем же узлам:
- DNS ASK sm##.##il.yahoo.com.br
- DNS ASK fl#######ssandra.fateback.com
- DNS ASK www.so####delphi.net
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'imwindowclass' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell DocObject View' WindowName: ''