Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\msliksurserv] 'start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\msliksurserv.sys] 'ImagePath' = 'globalroot<DRIVERS>\msliksurserv.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\msliksurserv.sys] 'Start' = '00000001'
- '%TEMP%\is-I05GT.tmp\setup.exe'
- '%TEMP%\is-GQ80F.tmp\<Имя вируса>.tmp' /SL5="$40036,53248,53248,<Полный путь к вирусу>"
- '<SYSTEM32>\msiexec.exe' /V
- %TEMP%\FR243532.tmp
- <DRIVERS>\msliksurserv.sys
- %TEMP%\is-I05GT.tmp\setup.exe
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- <SYSTEM32>\msliksurcredo.dll
- %TEMP%\is-I05GT.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-GQ80F.tmp\<Имя вируса>.tmp
- %TEMP%\is-I05GT.tmp\_isetup\_shfoldr.dll
- <SYSTEM32>\msliksurdns.dll
- %TEMP%\is-I05GT.tmp\_isetup\_iscrypt.dll
- из %TEMP%\is-I05GT.tmp\setup.exe в %WINDIR%\Temp\tmp3.tmp
- DNS ASK je###nophz.com
- DNS ASK rz###ikrud.com
- DNS ASK pe###xupbj.com
- DNS ASK cx###lypdc.com
- DNS ASK rr###ldauz.com
- DNS ASK jz###yvcru.com
- DNS ASK nl###wffzm.com
- DNS ASK www.microsoft.com
- DNS ASK pg###dojiu.com
- DNS ASK dr###fdrir.com
- DNS ASK tw###hnygs.com
- ClassName: 'Shell_TrayWnd' WindowName: ''