Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKDevice' = '<SYSTEM32>\WINFILES.EXE'
- '<SYSTEM32>\WINFILES.EXE' Kill_1=<Полный путь к вирусу>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\announce[1].php
- <SYSTEM32>\K_File.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\start[1].php
- <SYSTEM32>\WINFILES.EXE
- 'st###.#earch-php.com':80
- st###.#earch-php.com/nav/announce.php?ci####
- st###.#earch-php.com/nav/start.php?ci####
- DNS ASK st###.#earch-php.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'