Техническая информация
- Закрепление в системе (автозапуск при входе пользователя) через изменение параметра реестра: [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe "<Полный путь к вирусу>"'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\update.exe
- %TEMP%\nsl3.tmp\NSISdl.dll
- %CommonProgramFiles%\System\setup.exe
- %TEMP%\nsq2.tmp
- %CommonProgramFiles%\System\vd3_sys.dat
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\update.exe
- %CommonProgramFiles%\System\vd3_sys.dat
- %TEMP%\nsl3.tmp\NSISdl.dll
- Соединение с узлом (порт 80): 'www.vi####tartsnow.com':80
- HTTP-запрос: www.vi####tartsnow.com/download.php?id#####
- DNS-запрос (DNS ASK): www.vi####tartsnow.com