Техническая информация
- Запись в ключе автозапуска реестра (значение параметра в отчёте не приведено): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wincer' = ''
- '%ALLUSERSPROFILE%\Application Data\taskmgr.exe'
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к вирусу> (командная строка, удаляющая исходный файл вируса)
- %ALLUSERSPROFILE%\Application Data\taskmgr.exe (имя совпадает с именем системного Диспетчера задач, но файл расположен вне <SYSTEM32>)
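- Сетевые узлы и порты (символами # в отчёте, по-видимому, скрыта часть имени или адреса, поэтому индикаторы неполные):
- 'mi####oft.dns1.us':80
- '21#.#1.209.76':80
- 'ci#####atabase.ns02.us':80
- 'mi#######-help.serveuser.com':80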
- HTTP-запросы (метод запроса в отчёте не указан):
- http://mi####oft.dns1.us/0000000000010B10JXFUNKsry54ZptGtp
- http://21#.#1.209.76/0000000000010B10JpQOvKjAyTzmc87E8z
- http://ci#####atabase.ns02.us/0000000000010B10J4q1MthdVGEkrURElM
- http://mi#######-help.serveuser.com/0000000000010B10J9YQyui0iAWMT
- DNS ASK mi####oft.dns1.us
- DNS ASK mi#######-help.serveuser.com
- DNS ASK ci#####atabase.ns02.us