Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Service de securite ras] 'Start' = '00000002'
- '<SYSTEM32>\dpw.exe' -B %WINDIR%\TEMP\izurb.dat
- '<SYSTEM32>\dpw.exe'
- '<SYSTEM32>\dpw.exe' <Полный путь к вирусу>
- %WINDIR%\Temp\izurb.dat
- %WINDIR%\Temp\izura.dat
- C:\xaar.com
- <SYSTEM32>\WinScr.exe
- <SYSTEM32>\dpw.exe
- <SYSTEM32>\WinScrHo.dll
- <SYSTEM32>\WinScrOm.dll
- %WINDIR%\Temp\izurb.dat
- %WINDIR%\Temp\izura.dat
- 'd.#####uignon.free.fr':80
- 'ir#.#irc.net':6667
- 'localhost':28934
- 'localhost':28944
- d.#####uignon.free.fr/index.php3
- d.#####uignon.free.fr/index.php3?ma##########
- DNS ASK ir#.#irc.net
- DNS ASK d.#####uignon.free.fr