Техническая информация
- %PROGRAM_FILES%\winzip\iedw.exe
- %PROGRAM_FILES%\winzip\ctfmon.exe
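- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess (обе команды останавливают службу SharedAccess — «Брандмауэр Windows/Общий доступ к Интернету (ICS)», то есть отключают встроенный сетевой экран)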
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\huhu[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gggg[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\baidu[1]
- %ALLUSERSPROFILE%\Application Data\now.txt
- %PROGRAM_FILES%\winzip\ctfmon.exe
- %PROGRAM_FILES%\winzip\IEXPLORE.EXE
- %PROGRAM_FILES%\winzip\iedw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\huhu[1].asp
- из <Полный путь к вирусу> в %PROGRAM_FILES%\winzip\ctfmom.exe (имя ctfmom.exe приведено как в источнике; оно отличается от ctfmon.exe в строках выше)
- 'localhost':1044
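- 'www.ba##u.com':80 (символы «#» в именах узлов здесь и ниже — по-видимому, маскировка, сделанная автором описания, а не часть адреса)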
- 'www.pe###boy.net':80
- 'localhost':1038
- 'localhost':1039
- www.ba##u.com/
- www.pe###boy.net/gggg.htm?20######
- www.pe###boy.net/ht/huhu.asp
- DNS ASK js.##ers.51.la
- DNS ASK www.ba##u.com
- DNS ASK www.pe###boy.net
- '<IP-адрес в локальной сети>':1041
- '<IP-адрес в локальной сети>':1040
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: '??' (вероятно, исходный заголовок окна содержал не-ASCII символы и был потерян при перекодировке)
- ClassName: 'Notepad' WindowName: ''