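Техническая информация
Ниже перечислены индикаторы без подзаголовков: значения автозапуска в ветках реестра Run (HKCU и HKLM), пути к файлам, сетевой адрес с портом, URL запроса и класс окна. Списки путей к файлам повторяются — вероятно, они относились к разным разделам описания, подзаголовки которых в этой копии не сохранились. Символы «#» в IP-адресе и URL, по-видимому, скрывают часть значения, а %USERNAME% обозначает имя учётной записи, поэтому такие строки не подходят для точного сопоставления без подстановки.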
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dplaysvr' = 'C:\Documents and Settings\%USERNAME%\Application Data\dplaysvr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dplaysvr' = 'C:\Documents and Settings\%USERNAME%\Application Data\dplaysvr.exe'
- 'C:\Documents and Settings\%USERNAME%\Application Data\dplaysvr.exe' <Полный путь к вирусу>
- C:\Documents and Settings\%USERNAME%\Application Data\dplaysvr.exe
- C:\Documents and Settings\%USERNAME%\Application Data\dplayx.dll
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\4.tmp
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\1.tmp
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\2.tmp
- C:\Documents and Settings\%USERNAME%\Application Data\dplayx.dll
- C:\Documents and Settings\%USERNAME%\Application Data\dplaysvr.exe
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\4.tmp
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\2.tmp
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\1.tmp
- '19#.#66.218.217':80
- http://19#.#66.218.217/adv.php?rn########
- ClassName: 'Indicator' WindowName: ''