Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'zgcsmt01' = '%WINDIR%\<Имя вируса>.exe'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://uu##s.us/index.php?fr############
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://ma##.163.com
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mail.163[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].php
- %WINDIR%\<Имя вируса>.exe
- 'uu##s.us':80
- 'sm##.163.com':25 (порт 25 — SMTP)
- 'localhost':1038
- 'localhost':1035
- 'ma##.163.com':80
- uu##s.us/index.php?fr############
- ma##.163.com/
- DNS ASK sm##.163.com
- DNS ASK uu##s.us
- DNS ASK ma##.163.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
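- ClassName: '' WindowName: '163?????--???????? - Microsoft Internet Explorer' (символы «?», по-видимому, заменяют не-ASCII-символы заголовка, утраченные при записи; при поиске по заголовку окна не следует сопоставлять их буквально)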
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''