Техническая информация
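- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Driver' = '%WINDIR%\svchost.exe -LM'
  (автозапуск через ключ Run; значение указывает на %WINDIR%\svchost.exe, тогда как штатный svchost.exe Windows находится в <SYSTEM32> — расхождение в пути служит признаком для обнаружения)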
- '%TEMP%\2.tmp\realip.exe'
- '%TEMP%\1.tmp\svchost.exe'
- '%WINDIR%\regedit.exe' /S svchost.reg
  (ключ /S — импорт .reg-файла без диалога подтверждения)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\IP Real.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\Copier.bat" "
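- '<SYSTEM32>\xcopy.exe' svchost.exe %WINDIR%\ /y /h
  (ключ /y — перезапись без запроса, /h — копирование также скрытых и системных файлов; в результате svchost.exe оказывается в %WINDIR%)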
- %TEMP%\2.tmp\blat.dll
- %TEMP%\2.tmp\blat.lib
- %TEMP%\2.tmp\blat.exe
- %TEMP%\2.tmp\realip.exe
- %TEMP%\2.tmp\IP Real.bat
- %TEMP%\1.tmp\svchost.exe
- %TEMP%\1.tmp\Copier.bat
- %WINDIR%\svchost.exe
- %TEMP%\1.tmp\svchost.reg
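- 'www.la###search.com':80
- www.la###search.com/getip.php?la######
- DNS ASK www.la###search.com
  (имя узла и параметр запроса в источнике частично замаскированы символами «#», поэтому эти индикаторы непригодны для точного сопоставления; искать следует по шаблону и по пути /getip.php)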
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'