Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysray' = '""%CommonProgramFiles%\msnmsgr.exe""'
- User Account Control (UAC)
- %CommonProgramFiles%\msnmsgr.exe 2756 <Full path to the virus>
- %WINDIR%\regedit.exe /s "%CommonProgramFiles%\c.reg"
- <SYSTEM32>\cmd.exe /c <Current directory>\a.bat
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\msn[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\setip[1].htm
- %CommonProgramFiles%\c.reg
- <Current directory>\a.bat
- <SYSTEM32>\ur.dll
- %CommonProgramFiles%\msnmsgr.exe
- %CommonProgramFiles%\ur.dll
- 'www.da###ngu.com':80
- 'www.ms#.com':80
- www.da###ngu.com/wwwa/new/setip.asp
- www.ms#.com/
- DNS ASK www.da###ngu.com
- DNS ASK www.ms#.com
- ClassName: 'GxWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'D3D' WindowName: 'texbaiduQQ'
- ClassName: 'D3D' WindowName: 'texQQ'