Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe ,%WINDIR%\Prefetch\Exploper.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe ,<Полный путь к вирусу>'
- '%WINDIR%\Prefetch\Exploper.exe'
- '<SYSTEM32>\wbem\svchost.exe'
- %WINDIR%\Prefetch\Exploper.exe
- <SYSTEM32>\wbem\svchost.exe
- <SYSTEM32>\wbem\svchost.exe
- 'st###.myddns.ru':21
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK st###.myddns.ru
- DNS ASK wp#d