Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Полный путь к вирусу>' = '<Полный путь к вирусу>'
- <SYSTEM32>\msiexec.exe
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\msiexec.exe /i ""%TEMP%\install_flash_player_10_active_x.msi"" /qn ALLUSERS=2 REBOOT=ReallySuppress
- %TEMP%\Tar2.tmp
- %TEMP%\Cab1.tmp
- %TEMP%\Tar4.tmp
- %TEMP%\Cab3.tmp
- %APPDATA%\W3i, LLC\Waterfalls Animated Wallpaper\install\wfallsaw.msi
- %TEMP%\install_flash_player_10_active_x.msi.part
- %TEMP%\26140.msi
- %APPDATA%\W3i, LLC\Waterfalls Animated Wallpaper\install\disk1.cab
- %TEMP%\Cab3.tmp
- %TEMP%\Tar4.tmp
- %TEMP%\Cab1.tmp
- %TEMP%\Tar2.tmp
- 'www.download.windowsupdate.com':80
- 'do####ad.freeze.com':80
- 'localhost':1037
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- do####ad.freeze.com/flash/install_flash_player_10_active_x.msi
- DNS ASK www.download.windowsupdate.com
- DNS ASK do####ad.freeze.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''