Техническая информация
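- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Полный путь к вирусу>'
  (Примечание: штатное значение параметра Userinit содержит только путь к userinit.exe; программа, дописанная после запятой, запускается при каждом входе пользователя в систему, поэтому при проверке автозапуска этот параметр следует сверять со штатным значением.)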
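- [<HKLM>\SOFTWARE\Classes\CLSID\{3A795A0C-C09F-F8F6-C625-DF5DA985F05D}\Shell\Open\Command] '' = '"%PROGRAM_FILES%\Internet Explorer\iexplore.exe" %1 h%t%t%p%:%/%/%w%w%w%.h%a%o%16%10%12%.%c%o%m%/%?%g%_%10'
  (Примечание: знаки «%» между символами адреса, по-видимому, являются артефактом экранирования при формировании отчёта; судя по следующей записи, здесь, вероятно, указан тот же адрес, что и в ней. Значение приведено в том виде, в каком оно дано в отчёте.)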
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"%PROGRAM_FILES%\Internet Explorer\iexplore.exe" http://www.hao602.com/?g_0'
- <Текущая директория>\itemlist.ini
- <Текущая директория>\macjie.ini
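- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Жф¶Ї Internet Explorer дЇААЖч.lnk
  (Примечание: имя ярлыка, по-видимому, представляет собой китайский текст в кодировке GBK, отображённый в кодовой странице Windows-1251: «启动 Internet Explorer 浏览器.lnk». На системе с другой локалью то же имя файла может отображаться иначе, что стоит учитывать при поиске по имени.)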
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'Progman' WindowName: ''