Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<Полный путь к вирусу>'
- %WINDIR%\Explorer.EXE
- 'jj###.playkar.com':80
- jj###.playkar.com/krwow/jj530.bmp
- jj###.playkar.com/krwow/jj530.jpg
- jj###.playkar.com/krwow/jj530.gif
- DNS ASK ms####.sx186.39226.cn
- DNS ASK jj###.playkar.com