Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '<Полный путь к вирусу>'
- %TEMP%\gisnbenn2.ngse
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gisnbenn2[1].ngse
- %TEMP%\gisnbenn2.ngse
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gisnbenn2[1].ngse
- 'or#.#ampia.net':80
- 'localhost':1035
- or#.#ampia.net/oib/ar/gisnbenn2.ngse
- DNS ASK or#.#ampia.net