Техническая информация
Записи автозапуска в реестре (ключи Run в HKLM и HKCU):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UIFVEx22' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UIFV22' = '%TEMP%\UIFV22.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UIFVEx22' = '<Полный путь к вирусу>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UIFV22' = '%TEMP%\UIFV22.exe'
Ярлыки в папках автозагрузки (Startup) текущего пользователя и всех пользователей:
- %HOMEPATH%\Start Menu\Programs\Startup\UIFV22.LNK
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\UIFV22.LNK
- %HOMEPATH%\Start Menu\Programs\Startup\UIFVEx22.LNK
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\UIFVEx22.LNK
Файлы в кэше Internet Explorer и в каталоге %TEMP%:
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pay[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ml_regist[1].php
- %TEMP%\UIFV22.exe
Сетевые соединения (узел:порт; часть символов в именах узлов заменена знаками #):
- 'localhost':1037
- 'er###ation.jp':80
Запрашиваемые URL (HTTP):
- er###ation.jp/pay.html?uc####
- er###ation.jp/exe/ml_regist.php
- DNS-запрос (DNS ASK): er###ation.jp
Окна (имя класса и заголовок окна):
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''