Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{A47BE134-9ACE-2457-ABD0-3AE14579BDE1}' = ''
- <SYSTEM32>\cmd.exe /c <Virus name>.exe_deleteme.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exe[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver[1].txt
- <SYSTEM32>\SysDown.vxd
- <Full path to the virus>_deleteme.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exe[1].txt
- <Full path to the virus>_deleteme.bat
- 'fl####ze.11mf.cn':80
- fl####ze.11mf.cn/img/down/ver.txt
- fl####ze.11mf.cn/img/down/exe.txt
- DNS ASK fl####ze.11mf.cn
- ClassName: 'ListBox' WindowName: 'exe_llw'
- ClassName: 'ListBox' WindowName: 'dll_llw'