Техническая информация
- %PROGRAM_FILES%\Ad\BU_EXE.exe
- %PROGRAM_FILES%\Ad\AD_EXE.exe
- %TEMP%\tem1.tmp <Pid>104</Pid> <path><Полный путь к вирусу></path>
- %PROGRAM_FILES%\Ad\AD_EXE.exe
- %PROGRAM_FILES%\Ad\BU_EXE.exe
- %TEMP%\tem1.tmp
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- 're#####ata.wow135.com':80
- re#####ata.wow135.com/get.aspx
- re#####ata.wow135.com/bd_get.aspx
- DNS ASK re#####ata.wow135.com
- ClassName: 'Shell_TrayWnd' WindowName: ''