Техническая информация
Параметры автозапуска: один и тот же параметр 'IEUpdate' записан в ключи Run и RunServices обоих кустов (HKCU и HKLM), поэтому при очистке нужно проверить все четыре ключа:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IEUpdate' = '<SYSTEM32>\1041t.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'IEUpdate' = '<SYSTEM32>\1041t.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IEUpdate' = '<SYSTEM32>\1041t.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'IEUpdate' = '<SYSTEM32>\1041t.exe'
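- [<HKLM>\SYSTEM\ControlSet001\Services\clbdriver] 'start' = '00000001' (тип запуска 1 — SERVICE_SYSTEM_START: драйвер загружается при инициализации системы; ниже в списке файлов ему, судя по имени, соответствует <DRIVERS>\clbdriver.sys)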
- <DRIVERS>\beep.sys
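- <DRIVERS>\beep.sys заменяется файлом <SYSTEM32>\beep.sys (на затронутой системе оба файла beep.sys следует сверить с оригиналом из дистрибутива, например по цифровой подписи или с помощью sfc)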
- '<SYSTEM32>\1041t.exe'
- 'C:\msisetup.exe'
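- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000' (зона 3 — «Интернет»; параметр 1400 управляет выполнением активных сценариев, значение 0 разрешает его без запроса)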
- <SYSTEM32>\1041t.exe
- <SYSTEM32>\spywarewarning.mht
- <SYSTEM32>\spywarewarning2.mht
- C:\msisetup.exe
- <SYSTEM32>\clbdll.dll
- <SYSTEM32>\beep.sys
- <DRIVERS>\clbdriver.sys
- <SYSTEM32>\1041t.exe
- C:\msisetup.exe
- из <Полный путь к вирусу> в %TEMP%\clb3E8.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''