Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSOffice' = '<SYSTEM32>\MSOffice\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSOffice' = '<Полный путь к вирусу>'
- <SYSTEM32>\MSOffice\services.exe
- <DRIVERS>\etc\hosts
- <DRIVERS>\etc\hosts.new в <DRIVERS>\etc\hosts
- 'sp###min.biz':80
- sp###min.biz/xpsystem/crontab.ini
- sp###min.biz/xpsystem/commands.ini
- sp###min.biz/xpsystem/report.php?us#############################
- DNS ASK sp###min.biz