Техническая информация
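- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IDM' = '%TEMP%\IDM\IDM.exe' (параметр автозапуска: %TEMP%\IDM\IDM.exe запускается при каждом входе текущего пользователя в систему)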
- '%TEMP%\YUMI-0.0.8.3.exe'
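- %TEMP%\nsq2.tmp\7z.dll (по-видимому, nsq2.tmp — временный каталог установщика NSIS; имя такого каталога генерируется при запуске, поэтому при поиске следов лучше ориентироваться на имена файлов, а не на имя каталога)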
- %TEMP%\nsq2.tmp\yumi.png
- %TEMP%\nsq2.tmp\YUMI-Copying.txt
- %TEMP%\nsq2.tmp\linux.cfg
- %TEMP%\nsq2.tmp\other.cfg
- %TEMP%\nsq2.tmp\7zG.exe
- %TEMP%\nsq2.tmp\YUMI-Readme.txt
- %TEMP%\nsq2.tmp\chain.c32
- %TEMP%\nsq2.tmp\modern-header.bmp
- %TEMP%\nsq2.tmp\modern-wizard.bmp
- %TEMP%\nsq2.tmp\license.txt
- %TEMP%\nsq2.tmp\vesamenu.c32
- %TEMP%\nsq2.tmp\memdisk
- %TEMP%\nsq2.tmp\netbook.cfg
- %TEMP%\nsq2.tmp\UserInfo.dll
- %TEMP%\nsq2.tmp\paypal.bmp
- %TEMP%\nsq2.tmp\syslinux.exe
- %TEMP%\YUMI-0.0.8.3.exe
- %TEMP%\IDM\IDM.exe
- %APPDATA%\imlgs\14-04-2014
- %TEMP%\nsq2.tmp\syslinux.cfg
- %TEMP%\nsq2.tmp\info
- %TEMP%\nsq2.tmp\antivirus.cfg
- %TEMP%\nsq2.tmp\system.cfg
- %TEMP%\nsq2.tmp\menu.lst
- %TEMP%\nsq2.tmp\yumi.xpm.gz
- %TEMP%\nsq2.tmp\grub.exe
- <Полный путь к вирусу>
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'