Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\VM7] 'Start' = '00000002' (значение 2 — автоматический запуск службы VM7 при загрузке системы)
- 'C:\Documents and Settings\carss.exe' yy.tmp WWW
- '<SYSTEM32>\cmd.exe' /c ""C:\Documents and Settings\yy.bat" "
- '<SYSTEM32>\sc.exe' \\10.0.0.2 config "VM7" binpath= "cmd.exe /c C:\Documents and Settings\yy.bat" start= auto type= interact type= own obj= localsystem password= ""
- '<SYSTEM32>\cmd.exe' /c "C:\Documents and Settings\fw.bat"
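- '<SYSTEM32>\sc.exe' \\10.0.0.2 create "VM7" binpath= "cmd.exe /c C:\Documents and Settings\yy.bat" start= auto type= interact type= own displayname= "NVIDIA Driver Helper" (служба создаётся удалённо на узле 10.0.0.2; отображаемое имя «NVIDIA Driver Helper» маскирует её под компонент драйвера, хотя запускается cmd.exe с пакетным файлом)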
- C:\Documents and Settings\fw.bat
- C:\Documents and Settings\yy.bat
- \Device\LanmanRedirector\10.0.0.2\pipe\svcctl
- C:\Documents and Settings\yy.tmp
- C:\Documents and Settings\carss.exe
- %ALLUSERSPROFILE%\tmp~1.ini
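- из <Полный путь к вирусу> в C:\ИИґшУг.scr (имя файла искажено при отображении: похоже на байты в кодировке GBK, показанные как CP1251; вероятно, исходное имя — «热带鱼.scr», при поиске по индикатору стоит проверять оба варианта)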
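- '6w##.3322.org':9898 (символы «##», по-видимому, скрывают часть имени узла в отчёте; 3322.org — служба динамического DNS)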
- '<IP-адрес в локальной сети>':445
- DNS ASK 6w##.3322.org