Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Microsoft.exe
- '<SYSTEM32>\cmd.exe' /c ""<Полный путь к вирусу>.bat" "
- firefox.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\contact[1].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].php
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.tmp
- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Microsoft.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.tmp в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
- 'lo###s.xoom.it':80
- 'www.lo#####nlogistics.com':80
- 'localhost':1036
- lo###s.xoom.it/cont/index.php
- www.lo#####nlogistics.com/htmlsupport/contact.jsp
- DNS ASK lo###s.xoom.it
- DNS ASK www.lo#####nlogistics.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'