Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PqrstuWxyabS5] 'ImagePath' = '<Полный путь к вирусу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\PqrstuWxyabS5] 'Start' = '00000002'
- %WINDIR%\Temp\E_N50005\Hp_Socket.fne
- %WINDIR%\Temp\E_N50005\krnln.fnr
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\ic[1].asp
- %WINDIR%\Temp\E_N50005\spec.fne
- %TEMP%\E_N50005\Hp_Socket.fne
- %TEMP%\E_N50005\krnln.fnr
- <Текущая директория>\proxy.ini
- %TEMP%\E_N50005\spec.fne
- 'do###8.6655.la':5000
- '12##.ip138.com':80
- http://12##.ip138.com/ic.asp
- DNS ASK do###8.6655.la
- DNS ASK 12##.ip138.com