Техническая информация
- [<HKLM>\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command] '' = '"<Полный путь к вирусу>" %1'
- [<HKLM>\SYSTEM\ControlSet001\Services\wshon] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k wshon
- <SYSTEM32>\wshon.dll
- %TEMP%\~td1.tmp
- %TEMP%\dft23.tmp
- 'ma####ews.8800.org':80
- DNS ASK ns#.#322.net
- DNS ASK ma####ews.8800.org
- DNS ASK ns#.#hina.com
- ClassName: 'Shell_TrayWnd' WindowName: ''