Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Iexpl' = '<Полный путь к вирусу>'
- <SYSTEM32>\Iexplorer.txt
- <SYSTEM32>\keylogf.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\keylogf[1].jpg
- 'ma##.#####desdevoceamorzinho.com':25
- 'al########ao.all.vila.bol.com.br':80
- 'localhost':1036
- al########ao.all.vila.bol.com.br/keylogf.jpg
- DNS ASK ma##.#####desdevoceamorzinho.com
- DNS ASK al########ao.all.vila.bol.com.br
- ClassName: '(null)' WindowName: 'Unibanco.com - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Banco Itaú - Feito Para Você - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Grupo Safra S.A. - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Gerenciador Financeiro - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Banco Bradesco S/A - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: '[bb.com.br] - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Caixa Econômica Federal - Microsoft Internet Explorer'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'SoftCashIII'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Banco Santander - Microsoft Internet Explorer'
- ClassName: '(null)' WindowName: 'Banespa - Microsoft Internet Explorer'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'