Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\pe386] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\pe386] 'ImagePath' = '<SYSTEM32>\pe386.sys'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\pe386.sys
- 'ft#.icq.com':80
- '74.##5.232.51':80
- '20#.#6.194.14':80
- 74.##5.232.51/search?hl########################
- ft#.icq.com/pub/ICQ_Win95_98_NT4/ICQ_5/icq5_setup.exe
- 20#.#6.194.14/index.php?pa#######
- 20#.#6.194.14/banner/index.php
- DNS ASK www.google.com
- DNS ASK ft#.icq.com
- DNS ASK google.com