Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,qvbab.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\qvbab.exe
- '83####.3g-ihome.com':80
- 83####.3g-ihome.com/lw/832792.bmp
- 83####.3g-ihome.com/lw/832792.jpg
- 83####.3g-ihome.com/lw/832792.gif
- DNS ASK www.ya##o.com
- DNS ASK 83####.3g-ihome.com
- DNS ASK www.ld##.com