Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Firewall' = '"%TEMP%\update.exe"'
- <SYSTEM32>\wmsec.dat
- %TEMP%\ms3214.tmp
- %TEMP%\<Имя вируса>rcs.doc
- %TEMP%\update.exe
- <SYSTEM32>\wmsec.dat
- 'wi#####updated.vicp.net':80
- 'wi#####updated.vicp.net':53
- DNS ASK wi#####updated.vicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''