Техническая информация
- [<HKLM>\SOFTWARE\Classes\.NewIE\shell\open\command] '' = 'IEXPLORE.EXE http://www.jiuku123.com'
- расширений файлов
- %WINDIR%\1059\spring.jpg 1568
- %WINDIR%\1059\mone.jpg
- %WINDIR%\1059\women.jpg <Полный путь к вирусу>===
- <SYSTEM32>\rundll32.exe advpack.dll,DelNodeRunDLL32 %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk
- %WINDIR%\regedit.exe /s "%WINDIR%\1059\jia.reg"
- %WINDIR%\1059\winner.jpg
- %WINDIR%\1059\jia.reg
- %WINDIR%\1059\spring.jpg
- %WINDIR%\1059\women.jpg
- %WINDIR%\1059\mone.jpg
- %WINDIR%\1059\Sunset.jpg
- %HOMEPATH%\Start Menu\Programs\Internet Explorer.NewIE
- %HOMEPATH%\Favorites\.url
- %HOMEPATH%\Desktop\Internet Explorer.NewIE
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.NewIE
- %HOMEPATH%\Start Menu\Internet Explorer.NewIE
- %WINDIR%\1059\13.ico
- %WINDIR%\1059\5.ico
- %WINDIR%\1059\6.ico
- %WINDIR%\1059\4.ico
- %WINDIR%\1059\2.ico
- %WINDIR%\1059\3.ico
- %WINDIR%\1059\7.ico
- %WINDIR%\1059\11.ico
- %WINDIR%\1059\17.ico
- %WINDIR%\1059\10.ico
- %WINDIR%\1059\8.ico
- %WINDIR%\1059\9.ico
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''