Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsFilterCheck' = 'C:\Arquivos de programas\<Имя вируса>.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\<Имя вируса>.exe
- %WINDIR%\Arq.ini
- %WINDIR%\winload.inf
- %WINDIR%\done.dll
- <Полный путь к вирусу>
- %WINDIR%\Arq.ini
- 'sm###.bol.com.br':25
- 'localhost':1047
- 'pa#####.terra.com.br':80
- 'br.#sn.com':80
- '74.##5.232.51':25
- 'sm##.##a.terra.com.br':25
- http://pa#####.terra.com.br/negocios/vida/arq.ini
- DNS ASK sm##.##a.terra.com.br
- DNS ASK sm###.bol.com.br
- DNS ASK pa#####.terra.com.br
- DNS ASK br.#sn.com
- DNS ASK gm######tp-in.l.google.com
- DNS ASK gs####85.google.com