Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Google Update' = '<SYSTEM32>\syscmd.exe /WinStart'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- Registry Editor (RegEdit)
- System Restore component (SR)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoControlPanel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000000'
- from <Full path to virus> to <SYSTEM32>\syscmd.exe
- '78.##6.243.184':1990
- 'wh#####yipaddress.com':80
- wh#####yipaddress.com/
- DNS ASK wh#####yipaddress.com
- ClassName: '(null)' WindowName: 'Windows Security Alert'
- ClassName: '(null)' WindowName: 'Windows G?venlik Uyar?s?'