Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\RemoteStorage] 'Start' = '00000002'
- '%CommonProgramFiles%\Microsoft Shared\Help\<Имя вируса>.exe'
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- %CommonProgramFiles%\microsoft shared\Help\<Имя вируса>.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- 'ck.##loon.com':109
- 'ff.##loon.com':5555
- DNS ASK dn#.##ftncsi.com
- DNS ASK ck.##loon.com
- DNS ASK ff.##loon.com