Техническая информация
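- Запись в списке разрешённых приложений брандмауэра Windows (стандартный профиль); значение вида «путь:*:Enabled:имя» включает исключение для программы без ограничения по адресам: [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:Facemoods Installer'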
- [<HKLM>\SOFTWARE\Microsoft\MSNMessenger]
- %TEMP%\is233770471\1167605568.cfg
- %TEMP%\is233770471\748499981.cfg
- 'vc.####moodsreport.com':80
- 'fa###oods.com':80
- fa###oods.com/public/download/1.4.17.1/ppcb/facemoods.cis
- vc.####moodsreport.com/vscript/vercheck.psc?pc#############
- DNS-запрос (DNS ASK): vc.####moodsreport.com
- DNS-запрос (DNS ASK): fa###oods.com
- ClassName: 'Shell_TrayWnd' WindowName: ''