Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE
- %WINDIR%\$NtUninstallKB922582$\fltmkb.dll
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE
- <Current directory>\~a
- <Current directory>\~a
- from <Full path to virus> to <SYSTEM32>\~zlzl.exe
- 'www.vi###rinet.com':80
- 'www.ta###enter.com':80
- www.vi###rinet.com/yzmle/ver.htm
- www.vi###rinet.com/yzmle/SomeUpVer.htm
- www.vi###rinet.com/yzmle/dizhi.gif
- www.ta###enter.com/yzmle/bak.htm
- www.vi###rinet.com/yzmle/app.htm
- www.vi###rinet.com/yzmle/hostlist.htm
- DNS ASK www.vi###rinet.com
- DNS ASK www.ta###enter.com