Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- %HOMEPATH%\Desktop\SMART_HDD.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
- %HOMEPATH%\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk
- %ALLUSERSPROFILE%\Application Data\'R6=R_a4%BuQ$S
- %HOMEPATH%\Start Menu\Programs\SMART HDD\SMART HDD.lnk
- из <Полный путь к вирусу> в %ALLUSERSPROFILE%\Application Data\'R6=R_a4%BuQ$S.exe
- 'te###wnedca.com':80
- 'ni####backre.com':80
- 'ri####jerive.com':80
- ni####backre.com/s.php?0Q######################################################################
- te###wnedca.com/support/s
- ri####jerive.com/support/s
- ri####jerive.com/support/sr
- DNS ASK te###wnedca.com
- DNS ASK ni####backre.com
- DNS ASK ri####jerive.com
- '<IP-адрес в локальной сети>':1036
- '<IP-адрес в локальной сети>':1037
- ClassName: 'Shell_TrayWnd' WindowName: ''