Техническая информация
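- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Virus2Bye' = '%PROGRAM_FILES%\Virus2Bye\Virus2ByeLaunch.exe' (запись автозапуска: Virus2ByeLaunch.exe стартует при каждом входе текущего пользователя в систему)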
- '%PROGRAM_FILES%\Virus2Bye\Virus2ByeUp.exe'
- '%PROGRAM_FILES%\Virus2Bye\Virus2ByeLaunch.exe'
- '%PROGRAM_FILES%\Virus2Bye\Virus2Bye.exe' /install
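- %HOMEPATH%\Start Menu\Programs\Virus2Bye\ИЁЖдАМБц.lnk (имя, по-видимому, записано в корейской кодировке CP949/EUC-KR и прочитано как CP1251; на системе с корейской локалью те же байты дают «홈페이지.lnk», т. е. «домашняя страница» — при поиске стоит проверять оба варианта)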
- %PROGRAM_FILES%\Virus2Bye\Virus2Bye.url
- %PROGRAM_FILES%\Virus2Bye\uninst.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\list[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst[1].php
- %PROGRAM_FILES%\Virus2Bye\data\dt.cab
- %PROGRAM_FILES%\Virus2Bye\Virus2ByeUp.exe
- %TEMP%\nst2.tmp
- %HOMEPATH%\Start Menu\Programs\Virus2Bye\Virus2Bye.lnk
- %PROGRAM_FILES%\Virus2Bye\Virus2Bye.exe
- %PROGRAM_FILES%\Virus2Bye\Virus2ByeLaunch.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\list[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst[1].php
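- 'www.vi###bye.pe.kr':80 (символы «#» здесь и в адресах ниже, по-видимому, скрывают часть имени в исходном описании; для точного сопоставления индикатор в таком виде непригоден)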
- www.vi###bye.pe.kr/app/update/list.html
- www.vi###bye.pe.kr/count/inst.php?uc###################
- DNS ASK www.vi###bye.pe.kr
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'