Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<Полный путь к вирусу>'
- %WINDIR%\Explorer.EXE
- 'yu###.blog5566.com':80
- yu###.blog5566.com/images/yukor.bmp
- yu###.blog5566.com/images/yukor.jpg
- yu###.blog5566.com/images/yukor.gif
- DNS ASK www.ch##a.com
- DNS ASK yu###.blog5566.com
- DNS ASK www.te###nghua.com