Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\oskmvb] 'ImagePath' = '<DRIVERS>\oskmvb.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\oskmvb] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <DRIVERS>\ipfltdrv.sys
- '<SYSTEM32>\cmd.exe' /C ping.exe 127.0.0.1 & del "<Полный путь к вирусу>"
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\sc.exe' create oskmvb type= kernel start= auto binpath= <DRIVERS>\oskmvb.sys
- '<SYSTEM32>\sc.exe' stop ipfilterdriver
- '<SYSTEM32>\sc.exe' start ipfilterdriver
- %WINDIR%\ime\wg9145.dll
- <SYSTEM32>\dllcache\ipfltdrv.sys.new
- %WINDIR%\inf\vzh4195
- %WINDIR%\inf\in5127.PNF
- %WINDIR%\repair\kn0389
- <DRIVERS>\ipfltdrv.sys.new
- %TEMP%\1.tmp
- %WINDIR%\msagent\hut0239.tlb
- <SYSTEM32>\dllcache\ipfltdrv.sys.sys
- <DRIVERS>\oskmvb.log
- <DRIVERS>\ipfltdrv.sys.txt
- %TEMP%\1.tmp
- <DRIVERS>\ipfltdrv.sys
- из <DRIVERS>\oskmvb.log в <DRIVERS>\oskmvb.sys
- DNS ASK www.ba##u.com