Техническая информация
- '%WINDIR%\kurulumyeni.exe'
- '%WINDIR%\homet.exe'
- '%WINDIR%\homes.exe'
- '%TEMP%\is-5RQ0A.tmp\<Имя вируса>.tmp' /SL5="$30092,157751,56832,<Полный путь к вирусу>"
- '%TEMP%\is-D24AA.tmp\<Имя вируса>.tmp' /SL5="$50036,157751,56832,<Полный путь к вирусу>" /SILENT
- '%WINDIR%\kurulumyeni.exe' (загружен из сети Интернет)
- %WINDIR%\is-SGSBC.tmp
- %WINDIR%\is-G67DP.tmp
- %WINDIR%\is-U1RTN.tmp
- %WINDIR%\unins000.dat
- %ALLUSERSPROFILE%\Desktop\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayэcэsэ'nэ Baюlat.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %WINDIR%\kurulumyeni.exe
- %TEMP%\is-TM2UB.tmp\itdownload.dll
- %TEMP%\is-TM2UB.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-5RQ0A.tmp\<Имя вируса>.tmp
- %TEMP%\is-D24AA.tmp\<Имя вируса>.tmp
- %TEMP%\is-GNDJB.tmp\kurulumyeni.exe
- %TEMP%\is-GNDJB.tmp\itdownload.dll
- %TEMP%\is-GNDJB.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-GNDJB.tmp\kurulumyeni.exe
- %TEMP%\is-GNDJB.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-D24AA.tmp\<Имя вируса>.tmp
- %TEMP%\is-GNDJB.tmp\itdownload.dll
- %TEMP%\is-TM2UB.tmp\itdownload.dll
- %TEMP%\is-TM2UB.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-5RQ0A.tmp\<Имя вируса>.tmp
- %WINDIR%\is-SGSBC.tmp в %WINDIR%\homet.exe
- %WINDIR%\is-G67DP.tmp в %WINDIR%\homes.exe
- %WINDIR%\is-U1RTN.tmp в %WINDIR%\unins000.exe
- 'www.tv##.net':80
- www.tv##.net/dosyalar/kurulumyeni.exe
- DNS ASK www.tv##.net
- ClassName: 'Shell_TrayWnd' WindowName: ''