Technical information
- '<SYSTEM32>\msiexec.exe' /Y "%PROGRAM_FILES%\Microsoft\MsiDropper\DllDropper.dll"
- '<SYSTEM32>\msiexec.exe' /V
- %TEMP%\kZ2wu2QP.sys
- %PROGRAM_FILES%\Microsoft\MsiDropper\DllDropper.dll
- %TEMP%\MSI3e204.LOG
- %WINDIR%\Temp\qQqKFOXZtlNABzH
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\loads[1].php
- %WINDIR%\Installer\37485.msi
- %TEMP%\itmfybws.msi
- C:\Config.Msi\37488.rbs
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\37487.ipi
- %TEMP%\itmfybws.msi
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\loads[1].php
- %WINDIR%\Installer\37485.msi
- %WINDIR%\Installer\MSI1.tmp
- %PROGRAM_FILES%\Microsoft\MsiDropper\DllDropper.dll
- C:\Config.Msi\37488.rbs
- from <Full path to the virus> to %TEMP%\kZ9wu3QPth4PoXO4
- 'ge###e-2011.com':80
- ge###e-2011.com/cgi-bin/ware.cgi?ad##########
- ge###e-2011.com/loads.php?co###########
- DNS ASK ge###e-2011.com