Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\GS.lnk
- '%PROGRAM_FILES%\youximimi\GS.exe'
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:653858 "__IRAFN:<Полный путь к вирусу>" "__IRCT:2" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- %ALLUSERSPROFILE%\Start Menu\Programs\GS.lnk
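- %HOMEPATH%\Desktop\УОП·ГШГЬ.lnk (по-видимому, имя файла в кодировке GBK, отображённое в кодовой странице cp1251; те же байты в GBK читаются как «游戏秘密.lnk», поэтому на системах с другой кодовой страницей имя будет выглядеть иначе)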
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mini.youximimi[1]
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %PROGRAM_FILES%\youximimi\GS.exe
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- 'mi##.#ouximimi.com':80
- 'localhost':1037
- 'ap#.##uximimi.com':80
- mi##.#ouximimi.com/
- ap#.##uximimi.com/autoupdate.php?ve#######
- DNS ASK mi##.#ouximimi.com
- DNS ASK ap#.##uximimi.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'