Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'ЎЎ'
- from <Full path to virus> to <SYSTEM32>\wbem\ЎЎ.dll
- 'qi####oye365.com':80
- '74.##5.232.51':80
- http://qi####oye365.com/wzc.asp?hi##############################################################
- http://google.com/hk.htm?hi############################################################## via 74.##5.232.51
- DNS ASK google.com
- DNS ASK qi####oye365.com
- DNS ASK h.##-a.com
- DNS ASK qq.com
- DNS ASK g.##-b.com