Tworzy foldery:
Kod: Zaznacz cały
* %UserProfile%\UserData\[EIGHT RANDOM CHARACTERS FOLDER NAME ONE]
* %UserProfile%\UserData\[EIGHT RANDOM CHARACTERS FOLDER NAME TWO]
* %UserProfile%\UserData\[EIGHT RANDOM CHARACTERS FOLDER NAME THREE]
* %UserProfile%\UserData\[EIGHT RANDOM CHARACTERS FOLDER NAME FOUR]
Tworzy pliki:
Kod: Zaznacz cały
* C:\Documents and Settings\All Users\Desktop\Streaming Music - MediaPass.lnk
* %UserProfile%\UserData\index.dat
* %System%\[FOUR RANDOM NUMBERS FILE NAME ONE].dll
* %System%\[FOUR RANDOM NUMBERS FILE NAME TWO].dll
* %System%\[FOUR RANDOM NUMBERS FILE NAME THREE].dll
Dodaje wpisy w rejestrze:
Kod: Zaznacz cały
* HKEY_CURRENT_USER\Software\IEBarProperties
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[UNIQUE CLSID]
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
* HKEY_CLASSES_ROOT\CLSID\[UNIQUE CLSID]
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[UNIQUE CLSID]
Zmienia ustawienia Internet Explorera:
Kod: Zaznacz cały
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Bar" = "http://www.tangosearch.com/?useie5=1&q="
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Use Custom Search URL" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Search Bar" = "http://www.tangosearch.com/?useie5=1&q="
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Use Custom Search URL" = "1"
Dodaje także:
Kod: Zaznacz cały
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"DefaultConnectionSettings" = "[HEXADECIMAL STRING]"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"[UNIQUE CLSID]" = "0"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"[UNIQUE CLSID]" = "0"
Może ponadto przekierowywać strony na inne.
Źródło: Symantec