Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Dhcp ] 'Start' = '00000002'
- %WINDIR%\Temp\svchost.exe
- <SYSTEM32>\cmd.exe /c "<Virus name>.exe_And DeleteMe.bat"
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\zhoujuexing2012[1]
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\zhoujuexing2012[1]
- %WINDIR%\Temp\svchost.exe
- <Full path to virus>_And DeleteMe.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\zhoujuexing2012[1]
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\zhoujuexing2012[1]
- <Full path to virus>_And DeleteMe.bat
- '25#.#55.255.255':0
- 't.##.com':80
- t.##.com/zhoujuexing2012
- DNS ASK t.##.com