Техническая информация
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"%PROGRAM_FILES%\Internet Explorer\iexplore.exe" http://www.1188.com/?<Имя вируса>'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\dmadmx.exe'
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- <SYSTEM32>\dmadmx.exe