Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'DXToolss' = 'DXToolss.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- ClassName: 'OLLYDBG' WindowName: ''
- <SYSTEM32>\Jpg1.txt
- from <Full path to the virus> to <SYSTEM32>\DXToolss.exe
- 'ro#####etup.whyI.org':80
- 'sh#####ideo.whyI.org':80
- 'ma####230.whyI.org':80
- ro#####etup.whyI.org http://routersetup.whyI.org/configs/Jpg1.dat
- sh#####ideo.whyI.org http://sharedvideo.whyI.org/configs/Jpg1.dat
- ma####230.whyI.org http://mario1230.whyI.org/configs/Jpg1.dat
- DNS ASK ro#####etup.whyI.org
- DNS ASK sh#####ideo.whyI.org
- DNS ASK ma####230.whyI.org
- ClassName: 'OWL_Window' WindowName: ''
- ClassName: 'OwlWindow' WindowName: ''
- ClassName: 'icu_dbg' WindowName: ''