Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'V3LSvc' = '<Полный путь к вирусу>'
- '%PROGRAM_FILES%\Internet Explorer\temp.exe'
- '%PROGRAM_FILES%\Internet Explorer\temp.exe' (загружен из сети Интернет)
- '<SYSTEM32>\tskill.exe' V3LTray
- '<SYSTEM32>\tskill.exe' V3LSvc
- '<SYSTEM32>\tskill.exe' DaumCleaner
- '<SYSTEM32>\tskill.exe' AYAgent
- '<SYSTEM32>\tskill.exe' ALYac
- '<SYSTEM32>\tskill.exe' AYServiceNT
- %PROGRAM_FILES%\Internet Explorer\temp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\temp[1].exe
- %TEMP%\~DFE8A8.tmp
- 'localhost':1039
- 'ic####ne.cafe24.com':80
- ic####ne.cafe24.com/program/adver/up/temp.exe
- ic####ne.cafe24.com/program/adver/ver.txt
- DNS ASK ic####ne.cafe24.com