Техническая информация
- %TEMP%\is-IC938.tmp\<Имя вируса>.tmp /SL5="$300DC,1841081,51712,<Полный путь к вирусу>"
- %TEMP%\is-1U4I7.tmp\webctrl.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pkg_top[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pkg[1].html
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\is-IC938.tmp\<Имя вируса>.tmp
- %TEMP%\is-1U4I7.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-1U4I7.tmp\_isetup\_shfoldr.dll
- 'localhost':1038
- 'www.up#n.cc':80
- www.up#n.cc/pay/pkg.html
- www.up#n.cc/pay/pkg_top.html
- DNS ASK www.up#n.cc
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''