Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'VDoc' = '"<Полный путь к вирусу>" /cs:0 '
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SetupReleaseXP[1].cab
- %TEMP%\SetupRelease.cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SetupReleaseXP[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SetupReleaseXP[1].cab
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SetupReleaseXP[1].cab
- 'ps####pt.fdns.net':80
- 'vd####pdater.co.cc':80
- vd####pdater.co.cc/SetupReleaseXP.cab
- ps####pt.fdns.net/reports/minstalls.php
- DNS ASK ps####pt.fdns.net
- DNS ASK vd####pdater.co.cc
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'