The Trojan is a modified copy of the Windows file "%System%\drivers\etc\hosts", which is used to translate domain names (DNS) into IP addresses.
As a result, all requests to the servers listed in the modified file are redirected to the addresses specified there.
All of this is the result of the activity of another malicious program.
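
An added example, not part of the original description: a Python audit that parses hosts-file text and flags any static mapping for a security-vendor domain, which is the kind of entry this modified file contains. The watchlist selection, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumption: watchlist chosen for this example; the names are among those
# in the hosts file described on this page.
WATCHLIST = {"kaspersky.com", "kaspersky-labs.com", "symantec.com", "mcafee.com",
             "f-secure.com", "sophos.com", "trendmicro.com", "virustotal.com"}

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address, not a mapping
        for name in fields[1:]:                 # a line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")

def watched(name):
    """True if name is a watchlist domain or a subdomain of one."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in WATCHLIST for i in range(len(labels)))

def audit(text):
    """Flag every static mapping for a watched domain; such hosts are normally
    resolved through DNS, so any hosts-file entry for them deserves review."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not watched(name):
            continue
        dead = ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_reserved
        findings.append((lineno, name, str(ip), "non-routable" if dead else "redirected"))
    return findings

# Constructed sample; addresses are placeholders, not values from the page.
SAMPLE = """\
# constructed hosts file
127.0.0.1       localhost
192.0.2.10      intranet.example.test   # ordinary local entry
198.51.100.7    www.kaspersky.com ftp.kaspersky.com
240.1.2.3       downloads1.kaspersky-labs.com
0.0.0.0         virustotal.com
203.0.113.9     notsymantec.com.example.test
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

On a Windows host the text to audit would be read from the hosts file named above; a finding of either kind means name resolution for that vendor is being overridden locally.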