Техническая информация
- Для автоматического запуска при старте Windows записывает в ключ автозапуска реестра: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BLXarpfw' = '<Полный путь к вирусу>'
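- Запускает на исполнение следующие системные утилиты (адрес 10.0.0.1 и MAC-адрес 00-01-02-03-04-05, по-видимому, отражают параметры среды, в которой анализировался образец, и могут отличаться на другой машине):
- <SYSTEM32>\arp.exe -a 10.0.0.1
- <SYSTEM32>\arp.exe -s 10.0.0.1 00-01-02-03-04-05
- <SYSTEM32>\ping.exe 10.0.0.1
- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\arpreg.tmp"
- <SYSTEM32>\ipconfig.exe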
- %PROGRAM_FILES%\BLXarpfw.ini
- %PROGRAM_FILES%\arpreg.tmp
- %TEMP%\~DF19CA.tmp
- %PROGRAM_FILES%\arpreg.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''