Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Rundll32.exe' = '%WINDIR%\system\svchost.exe'
- %WINDIR%\system\svchost.exe
- %TEMP%\231156.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\444[1].txt
- %TEMP%\232156.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\333[1].txt
- %TEMP%\230156.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\888[1].txt
- %WINDIR%\system\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\555[1].txt
- %TEMP%\229062.tmp
- from <Full path to virus> to %TEMP%\228406.tmp
- 'fm##.info':80
- 'hj##.info':80
- 'ey##.info':80
- 'localhost':1035
- 'ex##.info':80
- fm##.info/gx/444.txt
- hj##.info/gx2/333.txt
- ex##.info/xztj1/888.txt
- ey##.info/xztj/555.txt
- DNS ASK fm##.info
- DNS ASK hj##.info
- DNS ASK ex##.info
- DNS ASK ey##.info