Техническая информация
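- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftProtect' = '%WINDIR%\svchost.exe' (запись автозапуска; штатный svchost.exe Windows расположен в %WINDIR%\System32, поэтому файл с таким именем в корне %WINDIR% — признак маскировки)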
- '%WINDIR%\svchost.exe'
- iexplore.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\61ad3c38.linkbucks[2]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\61ad3c38.linkbucks[1]
- <LS_APPDATA>\LoaderPublicidades\<Имя вируса>.exe_Url_hqhyc0ccon4alkgxc4ifkamnb3wj00nb\1.0.0.0\9wt7scyt.newcfg
- %WINDIR%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\61ad3c38.linkbucks[2]
- из <LS_APPDATA>\LoaderPublicidades\<Имя вируса>.exe_Url_hqhyc0ccon4alkgxc4ifkamnb3wj00nb\1.0.0.0\9wt7scyt.newcfg в <LS_APPDATA>\LoaderPublicidades\<Имя вируса>.exe_Url_hqhyc0ccon4alkgxc4ifkamnb3wj00nb\1.0.0.0\user.config
- 'localhost':1038
- '61#####8.linkbucks.com':80
- 'localhost':1035
- 61#####8.linkbucks.com/
- DNS ASK 61#####8.linkbucks.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Rakion'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'