Техническая информация
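Записи в ключах автозапуска реестра (Run; указанные в них файлы запускаются при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'intel134' = '%HOMEPATH%\Start Menu\Programs\Startup\svchostm.exe'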
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'intel435' = '%HOMEPATH%\Start Menu\Programs\Startup\svchostm.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'intel132' = '%APPDATA%\Roaming\svchostm.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'intel431' = '%APPDATA%\Roaming\svchostm.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\<Имя вируса>.exe
- %TEMP%\iurmwyw
- %TEMP%\aut1.tmp
- %TEMP%\iurmwyw
- %TEMP%\aut1.tmp
- ClassName: 'Indicator' WindowName: ''