Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (это значение отключает брандмауэр Windows для стандартного профиля)
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' -new http://www.he##okav.cn/counter.html
- '<SYSTEM32>\ipconfig.exe' /all
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\config2[1].gif
- <SYSTEM32>\error_01.ini
- %TEMP%\versionx.xml
- %TEMP%\xzad
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\action[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\config2[1].gif
- %TEMP%\versionx.xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\action[1].asp
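- из %TEMP%\temp.bmp в %WINDIR%\svchost.exe (штатный svchost.exe Windows находится в <SYSTEM32>, поэтому файл с таким именем непосредственно в %WINDIR% следует считать подозрительным)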
- из <Полный путь к вирусу> в %TEMP%\temp.bmp
- 'www.he##okav.cn':80
- 'www.qq##83.cn':80
- 'localhost':1036
- www.he##okav.cn/config2.gif
- www.qq##83.cn/plugin.asp?Pa###################################################################
- www.qq##83.cn/action.asp?UI#######################
- DNS ASK www.he##okav.cn
- DNS ASK www.qq##83.cn
- ClassName: '' WindowName: ''