Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'autoClose' = '<Полный путь к вирусу>'
- %WINDIR%\remove_360.exe (загружен из сети Интернет)
- %WINDIR%\update_au.exe (загружен из сети Интернет)
- %WINDIR%\draw_text.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\draw_text[1].exe
- %WINDIR%\remove_360.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\remove_360[1].exe
- %WINDIR%\update_au.exe
- %WINDIR%\au.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\au[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\update_au[1].exe
- %TEMP%\procwatch.tmp
- 'www.cy##.edu.tw':80
- www.cy##.edu.tw/~s9814606/draw_text.exe
- www.cy##.edu.tw/~s9814606/remove_360.exe
- www.cy##.edu.tw/~s9814606/au.dll
- www.cy##.edu.tw/~s9814606/update_au.exe
- DNS ASK www.cy##.edu.tw
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''