Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'zywnryvr' = '%APPDATA%\iradcb\ckaejhq.exe'
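- Запуск процесса: '<SYSTEM32>\dllhost.exe' -ipath "<Полный путь к вирусу>" (dllhost.exe — штатный файл Windows; индикатором служит его запуск с параметром -ipath и путём к вредоносному файлу, а не сам файл)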
- <SYSTEM32>\dllhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\53115CF455A3519FAB907D419F1F3CD0[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\AA31C3AEE097A10509986AEF3D172B7E[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\BFE7B947AFB8DA7F518BF6A16504B730[1].htm
- %APPDATA%\iradcb\ckaejhq.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\5074768ADA3E2739240D0BE710824A76[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\D8EFCC732B84C8D1C28B033BF60442AA[1].htm
- Подключение: 'fa###80ru.ru':80 (символы ### в имени домена, по-видимому, скрывают его часть)
- DNS-запрос (DNS ASK): fa###80ru.ru
- ClassName: 'Indicator' WindowName: ''