Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{C51C4AFB-8A3A-6C2E-BA41-C10F02140211}' = ''
- %TEMP%\xjxzt<Имя вируса>.dll
- %TEMP%\xjxzt<Имя вируса>.dll
- 'www.51##78.com':80
- www.51##78.com/laogai2/t.asp?do######
- DNS ASK www.51##78.com
- ClassName: '_Class' WindowName: '????????'
- ClassName: '#32770' WindowName: '????????????????'
- ClassName: 'Eset Client Frame' WindowName: 'ESET NOD32 Antivirus'