Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'The Fear Virus' = '<Полный путь к вирусу>'
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.xl##.com
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.xv##eo.com
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.re##ube.com
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.po##hub.com
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.xn##.com
- <SYSTEM32>\rundll32.exe URL.DLL,FileProtocolHandler http://www.hi##ut.com
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\redtube[1]
- 'www.xl##.com':80
- 'www.xv##eo.com':80
- 'www.re##ube.com':80
- 'www.hi##ut.com':80
- 'localhost':1035
- 'www.po##hub.com':80
- 'www.xn##.com':80
- www.re##ube.com/
- DNS ASK www.xl##.com
- DNS ASK www.xv##eo.com
- DNS ASK www.re##ube.com
- DNS ASK www.po##hub.com
- DNS ASK www.xn##.com
- DNS ASK www.hi##ut.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''