Техническая информация
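Изменяет значение реестра для автозапуска: программы из 'Userinit' запускаются при входе пользователя в систему; в норме там указан только путь к userinit.exe, поэтому дополнительный путь после запятой — признак заражения.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Полный путь к вирусу>,'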
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\arqshp[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\arqshp[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\arqshp[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\arqshp[1].jpg
- <SYSTEM32>\simdataconf.dll
Сетевая активность (символы «#» в адресах — маска, скрывающая часть адреса):
- 'me####xon.xm.com':80
- 'me#######n.web16.f3.k8.com.br':80
- '75.##5.251.36':80
- 'www.go###e.com.br':80
- '70.##.78.181':80
- me####xon.xm.com/arqshp.jpg
- me#######n.web16.f3.k8.com.br/arqshp.jpg
- 75.##5.251.36/conf/arqshp.jpg
- www.go###e.com.br/
- 70.##.78.181/cfgfree02/arqshp.jpg
- DNS ASK me#######n.web16.f3.k8.com.br
- DNS ASK me####xon.xm.com
- DNS ASK www.go###e.com.br
- ClassName: '' WindowName: 'downsys'