Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msliveupdate' = '%PROGRAM_FILES%\Windows NT\Accessories\Microsoft\mslives.exe'
- %PROGRAM_FILES%\Windows NT\Accessories\Microsoft\mslives.exe "<Полный путь к вирусу>"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\topics[1].html
- %PROGRAM_FILES%\Windows NT\Accessories\Microsoft\mslives.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\topics[1].html
- 'et###.yourtrap.com':80
- et###.yourtrap.com/trapnews/topics.html
- DNS ASK et###.yourtrap.com