Техническая информация
- Закрепление в системе (автозапуск): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>' = '<SYSTEM32>\win32.exe' — копия троянца win32.exe из <SYSTEM32> запускается при каждом входе пользователя
- <SYSTEM32>\sc.exe config SharedAccess start= disabled — отключает автозапуск службы SharedAccess (брандмауэр Windows / общий доступ к подключению Интернета)
- <SYSTEM32>\ntsd.exe -c q -pn rfwsrv.exe — штатный отладчик ntsd подключается к процессу rfwsrv.exe и сразу выполняет команду q (quit), что приводит к завершению отлаживаемого процесса; судя по имени, это компонент стороннего межсетевого экрана
- <SYSTEM32>\ntsd.exe -c q -pn KWatch.exe — тем же способом завершает процесс KWatch.exe (судя по имени, компонент стороннего антивируса)
- <SYSTEM32>\sc.exe config Alg start= disabled — отключает автозапуск службы Alg (Application Layer Gateway, используется брандмауэром/ICS)
- <SYSTEM32>\sc.exe stop alg — останавливает службу Alg
- <SYSTEM32>\ntsd.exe -c q -pn rfwmain.exe — тем же способом завершает процесс rfwmain.exe (судя по имени, второй компонент того же межсетевого экрана)
- <SYSTEM32>\sc.exe stop SharedAccess — останавливает службу брандмауэра Windows. Примечание: использование ntsd.exe и sc.exe для отключения защиты — признак, по которому целесообразно строить правила детектирования (запуск ntsd.exe с параметрами -c q -pn и изменение конфигурации служб SharedAccess/Alg)
- <SYSTEM32>\wg1.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\laotou[1].txt — копия файла laotou.txt в кэше Internet Explorer; соответствует загрузке www.85##g.com/xiaoma/laotou.txt из раздела сетевой активности ниже
- <SYSTEM32>\win32.exe
- <SYSTEM32>\wg1.txt
- TCP-соединение: 'www.85##g.com':80 (HTTP)
- TCP-соединение: 'localhost':1035 (назначение локального порта из приведенных данных не определяется)
- HTTP-запрос: www.85##g.com/xiaoma/laotou.txt (загруженный файл сохраняется в кэше IE как laotou[1].txt)
- DNS-запрос: www.85##g.com
- Создает окно: ClassName: 'MS_WINHELP' WindowName: '' (окно без заголовка; по приведенным данным его назначение не определяется)