Technical information
- [<HKLM>\SOFTWARE\Classes\.scr] '' = 'VIRUS ABU_KI$$ 2010'
- [<HKLM>\SOFTWARE\Classes\.pif] '' = 'VIRUS ABU_KI$$ 2010'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\ABU_K!$$.vk10'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\ABU_K!$$.vk10'
- [<HKLM>\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command] '' = 'VIRUS ABU_KI$$ 2010'
- [<HKLM>\SOFTWARE\Classes\.exe] '' = 'VIRUS ABU_KI$$ 2010'
- [<HKLM>\SOFTWARE\Classes\.com] '' = 'VIRUS ABU_KI$$ 2010'
- [<HKLM>\SOFTWARE\Classes\.bat] '' = 'VIRUS ABU_KI$$ 2010'
- hidden files
- Task Manager (Taskmgr)
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'VIRUS ABU_KI$$ 2010'
- C:\s.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\send[1].php
- <SYSTEM32>\ABU_K!$$.vk10
- <Full path to the virus>
- 'me####s.lycos.co.uk':80
- 'localhost':1035
- me####s.lycos.co.uk/vk09/send.php?ma##########################################################
- DNS ASK me####s.lycos.co.uk
- '<IP address on the local network>':1036
- ClassName: 'Shell_traywnd' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''