Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'urlspace' = '<Полный путь к вирусу> -h'
- %APPDATA%\Spiritsoft\urlspirit\taskcore.exe
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %APPDATA%\Spiritsoft\urlspirit\taskcore.exe
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- %APPDATA%\Spiritsoft\urlspirit\product.dat
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- 'ur#####it.spiritsoft.cn':80
- ur#####it.spiritsoft.cn/update/update.htm?q=#####
- DNS ASK ur#####it.spiritsoft.cn
- ClassName: '#32770' WindowName: 'taskcore.exe - ??????'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''