Техническая информация
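- Автозапуск (раздел реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'YRTest' = '<Полный путь к вирусу>'
- Автозапуск (ярлык в папке «Автозагрузка»): C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup\<Имя вируса>.lnk
- Задание планировщика заданий Windows: %WINDIR%\Tasks\At1.job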
- Файлы во временном кэше и журнале Internet Explorer (имена rjian, cfg и cfg2 совпадают с именами файлов в URL, перечисленных ниже):
- C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\rjian[1].htm
- C:\Documents and Settings\%USERNAME%\Local Settings\History\History.IE5\MSHist012016011520160116\index.dat
- C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg[1].txt
- C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg2[1].txt
- Те же два файла перечислены повторно; к какой операции относится повтор, в тексте не указано:
- C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg2[1].txt
- C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg[1].txt
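- Сетевые узлы и порты (символ '#' недопустим в имени хоста, то есть часть каждого имени скрыта; как точные индикаторы эти строки использовать нельзя, только как шаблоны для сопоставления):
- 'www.9t##.net':80
- 'localhost':1040
- 'ct##.#unfeng.org':80
- 'ct##.#huidun.org':80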
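- URL на перечисленных узлах (имена файлов совпадают с файлами rjian[1].htm, cfg[1].txt и cfg2[1].txt в кэше Internet Explorer):
- http://www.9t##.net/pic/lieqi/rjian.htm
- http://ct##.#huidun.org/cfg2.txt
- http://ct##.#unfeng.org/cfg.txt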
- DNS ASK www.9t##.net
- DNS ASK ct##.#huidun.org
- DNS ASK ct##.#unfeng.org
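- Классы окон (заголовок окна WindowName во всех записях пуст). Shell_TrayWnd — класс панели задач Windows; остальные, по-видимому, также принадлежат штатным компонентам системы, поэтому само наличие таких окон признаком заражения не является:
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''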