Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'urlspace' = '<Полный путь к вирусу> -h'
- %TEMP%\TaskcoreTemp\Content.IE5\3M5IX8XA\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\GHI745AJ\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\E105W5EZ\desktop.ini
- %TEMP%\TaskcoreTemp\History.IE5\desktop.ini
- %TEMP%\TaskcoreTemp\History.IE5\index.dat
- %TEMP%\TaskcoreTemp\index.dat
- %TEMP%\TaskcoreTemp\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- %APPDATA%\Spiritsoft\urlspirit\product.dat
- %TEMP%\TaskcoreTemp\Content.IE5\7Q4GYGKO\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\index.dat
- %TEMP%\TaskcoreTemp\Content.IE5\GHI745AJ\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\3M5IX8XA\desktop.ini
- %TEMP%\TaskcoreTemp\History.IE5\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\E105W5EZ\desktop.ini
- %TEMP%\TaskcoreTemp\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\desktop.ini
- %TEMP%\TaskcoreTemp\Content.IE5\7Q4GYGKO\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- 'ur#####it.spiritsoft.cn':80
- http://ur#####it.spiritsoft.cn/update/update.htm?q=#####
- DNS ASK ur#####it.spiritsoft.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''