Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'LW_MC32' = '%APPDATA%\LW_MC\service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'LW_MC32' = '<Full path to the virus>'
- '%APPDATA%\LW_MC\service.exe'
- %APPDATA%\LW_MC\service.exe
- 'so###boom.eu':80
- http:///get.php?hi####################### via so###boom.eu
- DNS ASK so###boom.eu
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''