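Техническая информация
Примечание: подзаголовки разделов в этой выдержке не сохранились. По виду записей ниже перечислены значения реестра, имена процессов, путь к файлу, сетевые адреса и запросы, а также классы и заголовки окон. Какое действие выполняется с перечисленными процессами и окнами, из текста не следует.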
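- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'SelfdelNT' = 'cmd /C del "<Полный путь к вирусу>"'
  (RunOnce: команда выполняется один раз при следующем входе пользователя и удаляет файл вируса по его полному пути.)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tmp' = '%APPDATA%\defender.exe'
  (Run: %APPDATA%\defender.exe запускается при каждом входе пользователя. Значение с именем 'tmp', указывающее на исполняемый файл в %APPDATA%, стоит проверять при разборе автозапуска.)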
- <SYSTEM32>\cmd.exe
- opera.exe
- YahooMessenger.exe
- java.exe
- safari.exe
- javaw.exe
- msnmsgr.exe
- iexplore.exe
- firefox.exe
- chrome.exe
- skype.exe
- %APPDATA%\defender.exe
- 'c4#########90ab34835a156eca2627.co.cc':80
- 'localhost':1037
- http://c4#########90ab34835a156eca2627.co.cc/preinst.php?id######
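- DNS ASK c4#########90ab34835a156eca2627.co.cc
  (Символы # в имени домена и в параметре id, по-видимому, скрывают часть значения в исходном отчёте, поэтому для точного сопоставления эти индикаторы неполные. Обращение к /preinst.php по HTTP на порт 80 и DNS-запрос этого имени можно искать в журналах прокси и DNS по видимым частям.)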
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'TForm5' WindowName: 'Peak Protection 2010 Instalation'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'TForm5' WindowName: 'Major Defense Kit Instalation'
- ClassName: 'TForm5' WindowName: 'AntiSpy Safeguard Instalation'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'TForm5' WindowName: 'Red Cross Antivirus Instalation'
- ClassName: 'TForm5' WindowName: 'Pest Detector 4.1 Instalation'