Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avira' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuckstarter' = '<Full path to the virus>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Calc' = '<Full path to the virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuck' = '%TEMP%\avira.cmd'
- hidden files
- fsav32.exe
- bdagent.exe
- AVP.EXE
- outpost.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- %APPDATA%\Stolen Passwords.txt
- %APPDATA%\Stolen CD Keys.txt
- %TEMP%\avira.cmd
- %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini
- %HOMEPATH%\Local Settings\History\desktop.ini
- '74.##5.232.51':80
- 'wh###smyip.com':80
- 'sm##.live.com':25
- 'wp#d':80
- wh###smyip.com/automation/n09230945.Asp
- 74.##5.232.51/
- wp#d/wpad.dat
- DNS ASK www.google.com
- DNS ASK wh###smyip.com
- DNS ASK sm##.live.com
- DNS ASK wp#d
- ClassName: 'VMDragDetectWndClAss' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'