Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindoUpdates' = '"%APPDATA%\Microsoft Computer\MobileDeviceHelpers.exe"'
- '%APPDATA%\Microsoft Computer\MobileDeviceHelpers.exe'
- '<SYSTEM32>\notepad.exe' %APPDATA%\hang checked vua get tren shop ve.txt
- <Текущая директория>\<Имя вируса>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkip.dyndns[1]
- %APPDATA%\hang checked vua get tren shop ve.txt
- %APPDATA%\Microsoft Computer\MobileDeviceHelpers.exe
- %APPDATA%\CURRENTID1
- '27.#.15.203':21
- 'ch####p.dyndns.org':80
- ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'