Техническая информация
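Изменяет параметры безопасности Internet Explorer в реестре:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000' — отключает предупреждение о недействительном сертификате сайта
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000' — отключает предупреждение о переходе между защищённым и незащищённым режимами
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000' — в зоне «Интернет» разрешает отправку незашифрованных данных форм без запроса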
- %HOMEPATH%\Desktop\Gbwb#Qf`lufqz.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Gbwb#Qf`lufqz.lnk
- %HOMEPATH%\Start Menu\Programs\Gbwb#Qf`lufqz\Uninstall Gbwb#Qf`lufqz.lnk
- %ALLUSERSPROFILE%\Application Data\eH2538jGyJus7l
- %HOMEPATH%\Start Menu\Programs\Gbwb#Qf`lufqz\Gbwb#Qf`lufqz.lnk
- Переносит или копирует свой исполняемый файл: из <Полный путь к вирусу> в %ALLUSERSPROFILE%\Application Data\eH2538jGyJus7l.exe
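Примечание: имена узлов ниже приведены в том виде, в каком они записаны в отчёте. Символы «#», по-видимому, маскируют часть имени, а запятая и «{» в суффиксе «,aqjwj{» недопустимы в DNS-именах, поэтому при сопоставлении с журналами DNS и прокси следует учитывать, что фактически разрешаемое имя может отличаться от записанной строки.
- 'se######lliam.org,aqjwj{':80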
- 'fi####am.org,aqjwj{':80
- 'cl#####ught.org,aqjwj{':80
- 'se#####hine.org,aqjwj{':80
- 'se####william.org':80
- 'fi#####itor.org,aqjwj{':80
- fi####am.org,aqjwj{/b
- se######lliam.org,aqjwj{/bq
- fi####am.org,aqjwj{/bq
- cl#####ught.org,aqjwj{/bq
- cl#####ught.org,aqjwj{/b
- se######lliam.org,aqjwj{/b
- se####william.org/404.php?ty#################################################
- se#####hine.org,aqjwj{/b
- se#####hine.org,aqjwj{/bq
- fi#####itor.org,aqjwj{/bq
- fi#####itor.org,aqjwj{/b
- DNS ASK se######lliam.org,aqjwj{
- DNS ASK fi####am.org,aqjwj{
- DNS ASK cl#####ught.org,aqjwj{
- DNS ASK se#####hine.org,aqjwj{
- DNS ASK se####william.org
- DNS ASK fi#####itor.org,aqjwj{
- ClassName: 'Shell_TrayWnd' WindowName: ''