Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'VDoc' = '"<Полный путь к вирусу>" /cs:0 '
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SetupRelease[1].cab
- %TEMP%\SetupRelease.cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SetupRelease[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SetupRelease[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SetupRelease[1].cab
- 'vd####date.fdns.net':80
- 'vd###tat.co.cc':80
- vd####date.fdns.net/SetupRelease.cab
- vd###tat.co.cc/reports/minstalls.php
- DNS ASK vd####date.fdns.net
- DNS ASK vd###tat.co.cc
- ClassName: 'Shell_TrayWnd' WindowName: ''