Техническая информация
- [<HKLM>\SOFTWARE\Classes\CLSID\{B9E3DEF8-0601-4BAA-A2F3-B8A40775ABE2}\shell\Open\Command] '' = 'iexplore.exe http://pindao.huoban.taobao.com/channel/onSale.htm?pid=mm_10283620_0_0'
- [<HKLM>\SOFTWARE\Classes\CLSID\{34664233-90FF-477B-98E5-1F493BD93897}\shell\Open\Command] '' = 'iexplore.exe http://www.97dn.com/?x '
- [<HKLM>\SOFTWARE\Classes\CLSID\{8B69798C-E811-4483-91D4-9BBAA85593CE}\shell\Open\Command] '' = 'iexplore.exe http://www.97lx.com/?x '
- %APPDATA%\Microsoft\Internet Explorer\Жф¶Ї Internet Explorer дЇААЖч.lnk
- %HOMEPATH%\Favorites\МФ±¦№єОп.url
- %HOMEPATH%\Start Menu\Programs\internet explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\45566НшЦ·µјєЅ.lnk
- %HOMEPATH%\Favorites\АнПлПВФШ.url
- %WINDIR%\Resources\tp1.ico
- %WINDIR%\Resources\dy1.ico
- %HOMEPATH%\Favorites\АнПлУ°Фє.url
- %WINDIR%\Resources\yx1.ico
- %APPDATA%\Microsoft\Internet Explorer\Жф¶Ї Internet Explorer дЇААЖч.lnk
- %APPDATA%\Microsoft\Internet Explorer\45566НшЦ·µјєЅ.lnk
- %HOMEPATH%\Favorites\МФ±¦№єОп.url
- %HOMEPATH%\Favorites\АнПлУ°Фє.url
- %HOMEPATH%\Favorites\АнПлПВФШ.url
- из <Полный путь к вирусу> в %HOMEPATH%\Local Settings\Temporary Internet Files\temp.tmp