Техническая информация
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 3 >nul&del "<Полный путь к вирусу>"
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\baidu[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baidu[1]
- '12#.#25.114.144':80
- http://www.ba##u.com/ via 12#.#25.114.144
- DNS ASK www.ba##u.com