Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Media Pass' = '%PROGRAM_FILES%\Media Pass\MediaPass.exe'
- %PROGRAM_FILES%\Media Pass\MediaPassK.exe
- %PROGRAM_FILES%\Media Pass\MediaPassK.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Info[1].txt
- %PROGRAM_FILES%\Media Pass\Info.txt
- <SYSTEM32>\ide21201.vxd
- %PROGRAM_FILES%\Media Pass\MediaPassC.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MediaPassK[1].exe
- %PROGRAM_FILES%\Media Pass\MediaPassK.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MediaPassC[1].dll
- from <Full path to virus> to %PROGRAM_FILES%\Media Pass\MediaPass.exe
- 'st####.windupdates.com':80
- 'localhost':1035
- st####.windupdates.com/Release/v18/Info.txt
- st####.windupdates.com/Release/v18/MediaPassC.dll
- st####.windupdates.com/Release/v18/MediaPassK.exe
- DNS ASK st####.windupdates.com