Техническая информация
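- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Полный путь к вирусу>,' (автозапуск: путь к вредоносному файлу дописан в параметр Userinit после штатного userinit.exe, поэтому файл запускается при каждом входе пользователя в систему)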
- '%ProgramFiles%\Messenger\msmsgs.exe' -Embedding
- <SYSTEM32>\aq3.sys
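- 'po#####cantinho.com.br':80 (символы # здесь и ниже — по-видимому, часть имени домена, скрытая в самом описании; в таком виде адреса не годятся для точного сопоставления в блок-листах)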
- 'mo######upermercados.com':80
- http://po#####cantinho.com.br/b1/ver/ver.dll
- http://mo######upermercados.com/n1/arq02/contador3.php
- DNS ASK po#####cantinho.com.br
- DNS ASK mo######upermercados.com
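- ClassName: '' WindowName: 'Windows Live Today' (здесь и далее перечислены классы и заголовки окон; судя по названиям, большинство из них — окна MSN / Windows Live Messenger, в том числе в португальской локализации, а Shell_TrayWnd — класс панели задач Windows)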
- ClassName: '' WindowName: 'Bem-vindo ao Windows Live Messenger'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'MSN Hoje'
- ClassName: '' WindowName: 'Today'
- ClassName: '' WindowName: 'MSN Today'
- ClassName: '' WindowName: 'Windows Live Hoje'
- ClassName: '' WindowName: 'Hoje'