Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<Полный путь к вирусу>' (параметр в ветке Run: автозапуск при входе текущего пользователя в систему)
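- <SYSTEM32>\regsvr32.exe /s "%APPDATA%\IE\bho.dll" (регистрация DLL без вывода сообщений, ключ /s)
- <SYSTEM32>\regsvr32.exe /u /s "%APPDATA%\IE\bho.dll" (отмена регистрации той же DLL без вывода сообщений, ключи /u /s)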
- %APPDATA%\firefox@mozilla.com\content\settings.js
- %APPDATA%\firefox@mozilla.com\content\overlay.xul
- %APPDATA%\IE\settings.dat
- %APPDATA%\IE\bho.dll
- %APPDATA%\firefox@mozilla.com\content\overlay.js
- %WINDIR%\no.edu
- %TEMP%\aut1.tmp
- %APPDATA%\firefox@mozilla.com\install.rdf
- %APPDATA%\firefox@mozilla.com\chrome.manifest
- %TEMP%\aut1.tmp
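- 'ks#####4.kimsufi.com':80 (символы «#» здесь и в строках ниже, по-видимому, скрывают часть адреса в исходном отчёте и не являются буквальной частью имени узла или запроса)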
- ks#####4.kimsufi.com//tools/parser.php?us#######################################
- ks#####4.kimsufi.com//tools/parser.php?us#################################################################################################
- DNS ASK ks#####4.kimsufi.com
- ClassName: 'Indicator' WindowName: ''