Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SVOH0ST' = '<Полный путь к вирусу> un'
- [<HKLM>\SOFTWARE\Classes\memfile\shell\open\command] '' = '"<Полный путь к вирусу>" unlock "%1"'
- ClassName: 'TDeDeMainForm' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- %TEMP%\m5.ini
- <SYSTEM32>\msimtf.dllъш
- %TEMP%\m5.ini
- ClassName: '' WindowName: 'IceSword'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: '??????????????'
- ClassName: 'TForm_Undelete' WindowName: 'Default IME'
- ClassName: 'TAppBuilder' WindowName: ''