Техническая информация
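Закрепление в системе (автозапуск):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '"<Полный путь к вирусу>"'
- [<HKLM>\SYSTEM\ControlSet001\Services\DnsServer_11] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)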
Запускаемые процессы и команды (порядок строк не обязательно отражает хронологию):
- '%WINDIR%\dns.exe' srv
- '<SYSTEM32>\sc.exe' delete "DnsServer_11"
- '<SYSTEM32>\sc.exe' create "DnsServer_11" binpath= "%WINDIR%\dns.exe srv" start= "auto"
- '<SYSTEM32>\net1.exe' start "DnsServer_11"
- '<SYSTEM32>\taskkill.exe' /F /IM dns.exe
- '<SYSTEM32>\net.exe' stop "DnsServer_11"
- '<SYSTEM32>\net1.exe' stop "DnsServer_11"
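Файл, связанный с образцом:
- %WINDIR%\dns.exe (файл лежит в корне каталога Windows; штатный DNS-сервер Windows размещает dns.exe в <SYSTEM32>, а его служба называется «DNS», поэтому этот путь и имя службы DnsServer_11 пригодны как признаки для обнаружения)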
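Сетевые подключения (символы # означают, что часть адреса скрыта в исходном описании, поэтому эти строки нельзя использовать как готовые индикаторы):
- 'su####arsinfo.net':80
- '25#.#55.255.255':8080
- 'fr###pac.net':80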
HTTP-запросы (путь /distrib_serv/ip_list.php одинаков для обоих узлов):
- http://su####arsinfo.net/distrib_serv/ip_list.php
- http://fr###pac.net/distrib_serv/ip_list.php
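DNS-запросы (yandex.ru — легитимный домен; его наличие в списке само по себе не является признаком компрометации):
- DNS ASK su####arsinfo.net
- DNS ASK yandex.ru
- DNS ASK fr###pac.net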
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: ''