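Техническая информация
Примечание: символы # в именах хостов и IP-адресах ниже, по всей видимости, скрывают часть значения, поэтому такие записи подходят только для сопоставления по шаблону, а не для точного поиска.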
- Автозапуск через раздел реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yybox' = '%WINDIR%\yybox.exe'
- '%WINDIR%\yybox.exe'
- <LS_APPDATA>\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- <Текущая директория>\<Имя вируса>.e_906.exe
- %WINDIR%\yybox.exe
- из <Полный путь к вирусу> в %TEMP%\182875\...\TemporaryFile
- 'tm###.ys168.com':80
- 'yy.com':80
- 'localhost':1038
- '12#.#25.114.144':80
- yy.com/s/3879/2344444135/main.swf
- tm###.ys168.com/
- 12#.#25.114.144/sqresxyrqmbmsyd/item/fabb7dc1cb1cc23e0ad93ac4
- DNS ASK c1.##b.yy.com
- DNS ASK tm####.ys168.com
- DNS ASK yy.com
- DNS ASK cf####bingkeji.com
- DNS ASK hi.##idu.com
- DNS ASK tm###.ys168.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''