Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svch0st1' = '%WINDIR%\svch0st1.exe'
- %PROGRAM_FILES%\RunDLL32.exe %WINDIR%\WINDOWSS.ini main
- %PROGRAM_FILES%\RunDLL32.exe
- %WINDIR%\WINDOWSS.ini
- %WINDIR%\Temp\54435.tmp
- from <Full path to the virus> to %WINDIR%\svch0st1.exe
- 'yo####58.3322.org':8011
- DNS ASK yo####58.3322.org
- ClassName: 'Indicator' WindowName: ''