Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\X1e0Eqk] 'Start' = '00000002'
- '%WINDIR%\explorer.exe' http://www.94##5.com/
- <Full path to the virus>
- <DRIVERS>\X1e0Eqk.sys
- %TEMP%\1b045.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\94185[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\up[1].txt
- %TEMP%\1ad75.tmp
- %TEMP%\1a312.tmp
- %TEMP%\19f67.tmp
- %TEMP%\1aa38.tmp
- %TEMP%\1a7c6.tmp
- %TEMP%\1b045.tmp
- %TEMP%\1ad75.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\up[1].txt
- <DRIVERS>\X1e0Eqk.sys
- %TEMP%\1a312.tmp
- %TEMP%\19f67.tmp
- %TEMP%\1aa38.tmp
- %TEMP%\1a7c6.tmp
- 'www.94##5.com':80
- 'wt.##1zg.com':80
- 'localhost':1036
- www.94##5.com/
- wt.##1zg.com/up.txt
- DNS ASK www.94##5.com
- DNS ASK wt.##1zg.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'