Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WndowsProtecter' = '<Full path to the virus>'
- C:\START.POP
- C:\DEL.POP
- C:\DL.POP
- 'cr########2_og49e9.radius-host.net':80
- 'localhost':1037
- http://cr########2_og49e9.radius-host.net/COM1/START.POP
- http://cr########2_og49e9.radius-host.net/COM1/DEL.POP
- http://cr########2_og49e9.radius-host.net/COM1/DL.POP
- DNS ASK cr########2_og49e9.radius-host.net
- ClassName: 'MS_WINHELP' WindowName: ''