Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '保护系统磁盘' = '<Полный путь к вирусу>'
- %HOMEPATH%\Local Settings\Temptemp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mlist[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\post[1].php
- %TEMP%\aut1.tmp
- %TEMP%\MList.dat
- %TEMP%\aut1.tmp
- 'un###.efchan.com':80
- un###.efchan.com/mlist.txt
- un###.efchan.com/post.php?a=########################################
- DNS ASK un###.efchan.com
- DNS ASK www.ba##u.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'