Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Cn99qdns' = '<SYSTEM32>\svch0st.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zhoujuexing2012[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zhoujuexing2012[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zhoujuexing2012[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zhoujuexing2012[1]
- from <Full path to virus> to <SYSTEM32>\svch0st.exe
- '25#.#55.255.255':0
- 't.##.com':80
- t.##.com/zhoujuexing2012
- DNS ASK t.##.com