Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rfw1973124' = '"c:\rfw1973124.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'downyx' = '"<Full path to the virus>"'
- C:\seemaos_setup_B941.exe (downloaded from the Internet)
- C:\pipi_dae_394.exe (downloaded from the Internet)
- C:\rfw1973124.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\seemaos_setup_B941[1].exe
- C:\seemaos_setup_B941.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\pipi_dae_394[1].exe
- C:\pipi_dae_394.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\rfw1973124[1].exe
- 'rs######ad.rising.com.cn':80
- 'do#####d.seemao.com.cn':80
- 'dl.#ipi.cn':80
- '12#.#1.213.25':90
- do#####d.seemao.com.cn/setup/B/seemaos_setup_B941.exe
- rs######ad.rising.com.cn/for_down/rsfree2011/rfwflm/rfw1973124.exe
- dl.#ipi.cn/pipi_dae_394.exe
- DNS ASK do#####d.seemao.com.cn
- DNS ASK rs######ad.rising.com.cn
- DNS ASK dl.#ipi.cn
- ClassName: 'Indicator' WindowName: ''