Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Follower] 'ImagePath' = '<Полный путь к вирусу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\Follower] 'Start' = '00000002'
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tds6[3].php
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tds6[4].php
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tds6[1].php
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tds6[2].php
- 'gi###irect.net':80
- 'localhost':1038
- http://gi###irect.net/1/tds6.php
- DNS ASK gi###irect.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''