Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\System Backup.lnk
- 'C:\System Backup\systbckp.exe' /i:442272A4#3BA65FA4 /p:"<Полный путь к вирусу>" /s:A02E4C1CE78BE45466657C8AED1FADFB81D4465F78C1A9
- C:\System Backup\systbckp.ini
- C:\System Backup\systbckp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\galeria2.atspace[1]
- '15#.#48.91.157':443
- '15#.#48.59.157':443
- '15#.#48.155.157':443
- '15#.#48.123.157':443
- 'ga####a2.atspace.eu':80
- 'localhost':1036
- '15#.#48.27.157':443
- '15#.#48.251.156':443
- ga####a2.atspace.eu/
- DNS ASK gw###desphed.eu
- DNS ASK gw####esphed.com
- DNS ASK gw####esphed.net
- DNS ASK es####.pluton85.eu
- DNS ASK ga####a2.atspace.eu
- DNS ASK es###d.undo.it
- DNS ASK es####.strangled.net
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'