Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DesktopConfig2' = '<Full path to the virus>'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\reg_page[2].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\reg_page[2].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\reg_page[2].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\reg_page[3].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\reg_page[3].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\reg_page[2].jsp
- %TEMP%\GuaGua2010Beta2SetupGW_tg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\reg_page[1].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\reg_page[1].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\reg_page[1].jsp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\reg_page[1].jsp
- %TEMP%\GuaGua2010Beta2SetupGW_tg.exe
- 'www.gu###a.com.cn':80
- 'localhost':1034
- www.gu###a.com.cn/interface/reg_page.jsp?ad#############################################################################################
- DNS ASK www.gu###a.com.cn
- '<IP address on the local network>':1035