Техническая информация
- Автозапуск — значение в ключе реестра: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winwd' = '<Полный путь к вирусу>'
- %TEMP%\7.tmp
- %TEMP%\6.tmp
- %TEMP%\5.tmp
- %TEMP%\8.tmp
- %TEMP%\B.tmp
- %TEMP%\A.tmp
- %TEMP%\9.tmp
- %TEMP%\4.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c[1].htm
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\1.tmp
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\c[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\c[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c[1].htm
- <SYSTEM32>\tethat.sys
Записи вида «источник в назначение» (судя по форме записи, перемещение или копирование файла; тип операции в тексте не указан):
- %TEMP%\8.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\7.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\9.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\B.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\A.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\6.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\2.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\1.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\3.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\5.tmp в <SYSTEM32>\tethat.sys
- %TEMP%\4.tmp в <SYSTEM32>\tethat.sys
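Сетевая активность (имя домена в источнике частично скрыто символами ##):
- 'pt##ee.org':80
- 'localhost':1036
- pt##ee.org/abcd/c.htm
- DNS ASK pt##ee.org
Окно (класс и заголовок):
- ClassName: 'Indicator' WindowName: ''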