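Техническая информация
Символы «#» в сетевых адресах ниже, по-видимому, заменяют скрытые символы, поэтому такие записи не годятся для точного сопоставления с журналами DNS и прокси.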
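- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%TEMP%\YourScreen Saver.scr' (параметр реестра, задающий программу-заставку Windows; здесь он указывает на файл в каталоге %TEMP%)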
- %TEMP%\GLF9.exe /s /dir="%PROGRAM_FILES%\YourScreen"
- %TEMP%\GLB1.tmp 4736 <Полный путь к вирусу>
- %TEMP%\GLF9.exe (загружен из сети Интернет)
- %TEMP%\freeze.ini
- %TEMP%\GLF9.exe
- %TEMP%\~GLH0003.TMP
- %ALLUSERSPROFILE%\Start Menu\Programs\YourScreen\YourScreen.lnk
- %HOMEPATH%\Desktop\YourScreen.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\YourScreen\Uninstall YourScreen.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\YourScreen\YourScreen License.lnk
- %TEMP%\~GLH0002.TMP
- %TEMP%\GLM3.tmp
- %TEMP%\GLC2.tmp
- %TEMP%\GLB1.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\~GLH0001.TMP
- C:\~GLHTTP1.TMP
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLF8.tmp
- %TEMP%\GLF9.exe
- C:\~GLHTTP1.TMP
- %TEMP%\GLF7.tmp
- 'localhost':1038
- 'do######.yourscreen.comdata':80
- 'do#####d.yourscreen.com':80
- 'ap#.#reeze.com':80
- ap#.#reeze.com/webservices/desktopmanager/1.0/Install/Ping/
- do######.yourscreen.comdata/yourscreen_data.exe
- do#####d.yourscreen.com/checkhttp.htm
- ap#.#reeze.com/WebServices/DesktopManager/?av######
- DNS ASK do######.yourscreen.comdata
- DNS ASK ap#.#reeze.com
- DNS ASK do#####d.yourscreen.com
- ClassName: 'Shell_TrayWnd' WindowName: ''