Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msviewer' = '%ProgramFiles%\Windows NT\Accessories\Microsoft\msviewer.exe'
- '%ProgramFiles%\Windows NT\Accessories\Microsoft\msviewer.exe' "<Полный путь к вирусу>"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\topblack[1].php
- %ProgramFiles%\Windows NT\Accessories\Microsoft\msviewer.exe
- 'ho####g.twinkes.net':80
- http://ho####g.twinkes.net/otete2/css/topblack.php
- DNS ASK ho####g.twinkes.net