Техническая информация
- <SYSTEM32>\hrdsoft.exe <Полный путь к вирусу>===
- %WINDIR%\regedit.exe /s ""%TEMP%\TempIE.reg""
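- <SYSTEM32>\taskkill.exe /f /im ZhuDongFangyu.exe (принудительное завершение процесса ZhuDongFangyu.exe — компонента активной защиты антивируса 360 Safe)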
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://ge#.#############################################################
- C:\RegTemp.txt
- %TEMP%\TempIE.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\get[1]
- <SYSTEM32>\1.ico
- <SYSTEM32>\ba1023.ico
- %TEMP%\TempIE.reg
- C:\RegTemp.txt
- 'ge#.asp':80
- 'localhost':1035
- ge#.asp/?ma#######################################################
- DNS ASK ge#.asp
- ClassName: 'Progman' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''