Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuckstarter' = '<Full path to the virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avira' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuck' = '%TEMP%\avira.cmd'
- hidden files
- bdagent.exe
- AVP.EXE
- fsav32.exe
- outpost.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- %APPDATA%\Stolen Passwords.txt
- %APPDATA%\Stolen CD Keys.txt
- %TEMP%\avira.cmd
- %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini
- %HOMEPATH%\Local Settings\History\desktop.ini
- 'sm##.live.com':25
- DNS ASK sm##.live.com
- ClassName: 'VMDragDetectWndClAss' WindowName: '(null)'