Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mskpds] 'Start' = '00000002'
- Заменяет <DRIVERS>\ipfltdrv.sys файлом <DRIVERS>\ipfltdrv.sys.txt
- '<SYSTEM32>\cmd.exe' /C ping.exe 127.0.0.1 & del "<Полный путь к вирусу>"
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\sc.exe' create mskpds type= kernel start= auto binpath= <DRIVERS>\mskpds.sys
- '<SYSTEM32>\sc.exe' stop ipfilterdriver
- '<SYSTEM32>\sc.exe' start ipfilterdriver
- %WINDIR%\system\jkf8322
- %WINDIR%\ime\wu1573.dll
- %WINDIR%\msapps\iz8683.nfo
- %WINDIR%\inf\ld1734.PNF
- %WINDIR%\inf\gzx0687.PNF
- %TEMP%\1.tmp
- <DRIVERS>\mskpds.log
- %TEMP%\1.tmp
- <DRIVERS>\ipfltdrv.sys
- Перемещает <DRIVERS>\mskpds.log в <DRIVERS>\mskpds.sys