Техническая информация
Записи в ключе автозапуска реестра (Run, ветка текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Hotwells.exe' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OperationSystem.exe' = '<LS_APPDATA>\TouletBlack\OperationSystem.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TaxiSystem.exe' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'InsertSound.exe' = ''
Процесс и его командная строка:
- '%ProgramFiles%\Messenger\msmsgs.exe' -Embedding
Пути к файлам (какая операция выполняется с каждым файлом, в этом фрагменте не указано):
- <LS_APPDATA>\TouletBlack\OperationSystem.exe
- <Текущая директория>\RCX2.tmp
- <Текущая директория>\RCX1.tmp
- <Полный путь к вирусу>
Сетевые адреса (хост:порт; имена доменов частично замаскированы символами #):
- 'www.va#####roventura.com.br':80
- 'www.ma##ynk.pl':80
- 'www.in####nights.net':80
- 'www.ca###ezo.com':80
- 'www.ma###llagan.com':80
- 'www.le##get.com':80
URL HTTP-запросов:
- http://www.va#####roventura.com.br/fotos/washb.php
- http://www.ma##ynk.pl/galeria/washb.php
- http://www.in####nights.net/menu/washb.php
- http://www.ca###ezo.com/site/Itecf.php
- http://www.ma###llagan.com/Itecf.php
- http://www.le##get.com/en/Itecf.php
DNS-запросы:
- DNS ASK www.va#####roventura.com.br
- DNS ASK www.ma##ynk.pl
- DNS ASK www.in####nights.net
- DNS ASK www.ca###ezo.com
- DNS ASK www.ma###llagan.com
- DNS ASK www.le##get.com
Окна (имя класса и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''