Техническая информация
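- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Полный путь к вирусу>,' (изменение параметра реестра: программы, перечисленные в 'Userinit', запускаются процессом Winlogon при входе пользователя в систему, поэтому добавленный путь обеспечивает автозапуск вредоносной программы; штатное значение содержит только путь к userinit.exe)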
- <SYSTEM32>\dhcp\simupdconf.dll
- <SYSTEM32>\dhcp\simupdconf.dll
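- 'www.co######serva.sitebr.net':80 (здесь и ниже символы «#», по-видимому, заменяют скрытую в источнике часть имени узла, поэтому адреса приведены не полностью)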
- 'www.cf####.sitebr.net':80
- 'www.co######serva.com.sapo.pt':80
- 'www.cf#####res.com.sapo.pt':80
- 'www.cf#####res.site.br.com':80
- http://www.co######serva.sitebr.net/arquivos/updcfg.jpg
- http://www.cf####.sitebr.net/arquivos/updcfg.jpg
- http://www.co######serva.com.sapo.pt/arquivos/updcfg.jpg
- http://www.cf#####res.com.sapo.pt/arquivos/updcfg.jpg
- http://www.cf#####res.site.br.com/arquivos/updcfg.jpg
- DNS ASK www.co######serva.sitebr.net
- DNS ASK www.cf####.sitebr.net
- DNS ASK www.co######serva.com.sapo.pt
- DNS ASK www.cf#####res.com.sapo.pt
- DNS ASK www.cf#####res.site.br.com