Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'urlspace' = '<Полный путь к вирусу> -h'
- '%APPDATA%\Spiritsoft\urlspirit\taskcore.exe'
- %TEMP%\Temporary Internet Files\Content.IE5\O5A3C96R\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\WRZX44IJ\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\UT0JEXQ9\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\S1GZITEX\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- %APPDATA%\Spiritsoft\urlspirit\product.dat
- %APPDATA%\Spiritsoft\urlspirit\taskcore.exe
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\UT0JEXQ9\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\S1GZITEX\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\WRZX44IJ\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\O5A3C96R\desktop.ini
- %TEMP%\Cookies\index.dat
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- 'ur#####it.spiritsoft.cn':80
- ur#####it.spiritsoft.cn/update/update.htm?q=####
- DNS ASK ur#####it.spiritsoft.cn
- ClassName: '#32770' WindowName: 'taskcore.exe - ??????'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'