Техническая информация
- %TEMP%\t1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\t[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\g[1].php
- из <Полный путь к вирусу> в %TEMP%\~tt1.tmp
- 'fo###.nurezipam.cn':80
- 'localhost':1038
- fo###.nurezipam.cn/cp/t
- fo###.nurezipam.cn/g/g.php?1
- DNS ASK fo###.nurezipam.cn