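Техническая информация
Примечание: заголовки разделов в этой выдержке не сохранились, поэтому по самому списку нельзя определить, к какому действию относится каждая запись; повторы одного и того же пути, по-видимому, относятся к разным разделам исходного отчёта. Символы «#» в именах хостов и в IP-адресе, судя по всему, скрывают часть значения, поэтому такие записи не подходят для точного сопоставления в правилах обнаружения или блокировки.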
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'system32' = 'system32.exe'
- <SYSTEM32>\run32.exe
- <SYSTEM32>\system32.exe
- <SYSTEM32>\run32.exe <Полный путь к вирусу><Имя вируса>
- <SYSTEM32>\run32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\YMSG12ENCRYPT[1].DLL
- <SYSTEM32>\YMSG12ENCRYPT.DLL
- %WINDIR%\pcklg32\23-10-2012 1-3-18
- <SYSTEM32>\system32.exe
- <SYSTEM32>\run32.exe
- <SYSTEM32>\system32.exe
- %TEMP%\~DF2A1A.tmp
- 'st#####s.myokhost.com':80
- '67.##5.160.76':5050
- 'localhost':1038
- st#####s.myokhost.com/YMSG12ENCRYPT.DLL
- DNS ASK st#####s.myokhost.com
- DNS ASK sc#.##g.yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''