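Техническая информация
(Примечание: подзаголовки разделов на этой странице не сохранились, поэтому списки ниже идут без подписей. По содержанию это ярлыки в папке автозагрузки, пути к файлам и строки запуска процессов, сетевые адреса и DNS-запросы, а также классы окон. Какое именно действие выполнялось с каждым файлом (создание, запуск, удаление), из текста установить нельзя.)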
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\WindowsApplication1.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Windows Live Messenger.lnk
- %TEMP%\_ir_sf_temp_1\irsetup.exe __IRAOFF:657954 "__IRAFN:%PROGRAM_FILES%\Windows Live\msg.exe" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- %PROGRAM_FILES%\Windows Live Messenger\msg.exe
- %TEMP%\_ir_sf_temp_0\irsetup.exe __IRAOFF:666146 "__IRAFN:<Полный путь к вирусу>" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- %PROGRAM_FILES%\Windows Live\msg.exe
- %TEMP%\_ir_sf_temp_1\irsetup.dat
- %TEMP%\_ir_sf_temp_1\irsetup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\matrix.1matrixclub[1]
- %PROGRAM_FILES%\Windows Live Messenger\msg.exe
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %PROGRAM_FILES%\Windows Live\msg.exe
- %TEMP%\_ir_sf_temp_1\irsetup.dat
- %TEMP%\_ir_sf_temp_1\irsetup.exe
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\irsetup.exe
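(Примечание: символы «#» в именах узлов ниже, по-видимому, заменяют часть имени (ср. «1m###ixclub.com» и «1matrixclub.com»); такие строки не являются буквальными значениями и не годятся для точного сопоставления.)
- 'ma####.1matrixclub.com':80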
- 'localhost':1036
- ma####.1matrixclub.com/
- DNS ASK 1m###ixclub.com
- DNS ASK ma####.1matrixclub.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''