Техническая информация
- Автозапуск через ключ реестра Run; имя значения имитирует обновление Windows: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdates' = '<SYSTEM32>\<Имя вируса>.exe'
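- Команда, записывающая значение "WindowsUpdates" в ключ Run (параметр /f перезаписывает существующее значение без запроса подтверждения): <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "WindowsUpdates" /t REG_SZ /d "<SYSTEM32>\<Имя вируса>.exe" /f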
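Файлы (подкаталоги Content.IE5 имеют случайные имена, различающиеся от системы к системе, поэтому при поиске надёжнее опираться на имена самих файлов и на пути в %WINDIR%):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cmyip[1]
- %WINDIR%\ip.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\irc[1].php
- %WINDIR%\server.txt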
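Сетевая активность (имена узлов в источнике частично скрыты символами «#», поэтому как точные индикаторы они непригодны; для сопоставления остаются видимые части — порт 80, путь /data/irc.php и домен byethost2.com, который, по-видимому, является общим хостинговым доменом и сам по себе даёт ложные срабатывания):
- Подключение: 'cm##p.com':80
- Подключение: 'ce######ne19.byethost2.com':80
- Запрашиваемый адрес: cm##p.com/
- Запрашиваемый адрес: ce######ne19.byethost2.com/data/irc.php
- DNS ASK cm##p.com
- DNS ASK ce######ne19.byethost2.com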
- '<IP-адрес в локальной сети>':1036
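- Окно: ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; в источнике не указано, что именно образец делает с этим окном)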