Technical information
- [<HKLM>\SOFTWARE\Classes\z002file\shell\open\command] '' = '%PROGRAM_FILES%\NetMeeting\nad.exe'
- %PROGRAM_FILES%\Microsoft\ueHWDI.exe <Full path to the virus>
- %PROGRAM_FILES%\NetMeeting\nad.exe
- %PROGRAM_FILES%\NetMeeting\nad._
- %PROGRAM_FILES%\Microsoft\ueHWDI.exe
- %PROGRAM_FILES%\NetMeeting\nad._
- 'to####1.234399.com':80
- to####1.234399.com/getsum1.php?ac###########################################################################################
- DNS ASK to####1.234399.com