Техническая информация
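Записи в реестре. Первая (RunOnce) однократно, при следующем входе пользователя, удаляет исходный файл через cmd; вторая (Run) запускает %APPDATA%\defender.exe при каждом входе пользователя, то есть служит механизмом закрепления. Имя defender.exe, по-видимому, имитирует защитное ПО.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'SelfdelNT' = 'cmd /C del "<Полный путь к вирусу>"'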
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tmp' = '%APPDATA%\defender.exe'
- <SYSTEM32>\cmd.exe
- opera.exe
- YahooMessenger.exe
- java.exe
- safari.exe
- javaw.exe
- msnmsgr.exe
- iexplore.exe
- firefox.exe
- chrome.exe
- skype.exe
- %APPDATA%\defender.exe
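Сетевые индикаторы. Символы «#########» — по-видимому, маска, скрывающая часть значения: символ «#» недопустим в имени узла. В таком виде строки не годятся для точного сопоставления, но видимые части (префикс «f9», окончание имени, зона .co.cc, путь /preinst.php) пригодны для поиска по журналам DNS и прокси.
- 'f9#########2b72fceb1196eb676df.co.cc':80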
- 'localhost':1037
- http://f9#########2b72fceb1196eb676df.co.cc/preinst.php?id#########
- DNS ASK f9#########2b72fceb1196eb676df.co.cc
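Окна (класс и заголовок). Написание «Instalation» в заголовках приведено как в источнике. При использовании заголовков в качестве индикаторов его следует сохранять дословно, не исправляя на «Installation».
- ClassName: 'MS_AutodialMonitor' WindowName: ''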
- ClassName: 'TForm5' WindowName: 'Peak Protection 2010 Instalation'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'TForm5' WindowName: 'Major Defense Kit Instalation'
- ClassName: 'TForm5' WindowName: 'AntiSpy Safeguard Instalation'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'TForm5' WindowName: 'Red Cross Antivirus Instalation'
- ClassName: 'TForm5' WindowName: 'Pest Detector 4.1 Instalation'