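Техническая информация
Примечание: в этом фрагменте нет подзаголовков разделов, поэтому тип действия для каждой записи (запуск, создание, удаление файла и т. п.) по тексту однозначно не определяется. Часть путей в %TEMP% указана дважды; записи вида «A в B», судя по форме, описывают перемещение или переименование файла.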
- [<HKLM>\SOFTWARE\Classes\fzx\Shell\Open\Command] '' = '"Rundll32.exe" "winms32.pcu" readfile'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\elnk.lnk
- %TEMP%\is-FRL4T.tmp\is-GIOEN.tmp /SL4 $40036 "<Полный путь к вирусу>" 1919267 52224
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\winmsagent\fancygame.ocx"
- <SYSTEM32>\rundll32.exe "%WINDIR%\winmsagent\ukingsoft.dcu" kinsoft
- %WINDIR%\winmsagent\fancygame.ocx
- %WINDIR%\winmsagent\infofile.tmp
- %WINDIR%\winmsagent\Config.ini
- %WINDIR%\winmsagent\erun.fzx
- %WINDIR%\winmsagent\winrun.ico
- %WINDIR%\winms32.pcu
- %WINDIR%\winmsagent\rd.txt
- %WINDIR%\winmsagent\ukingsoft.dcu
- %WINDIR%\winmsagent\Install.tmp
- %TEMP%\is-OLF7A.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-OLF7A.tmp\InstallDll.dll
- %TEMP%\is-FRL4T.tmp\is-GIOEN.tmp
- %TEMP%\is-OLF7A.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\Sum520\is-HKE71.tmp
- %PROGRAM_FILES%\Sum520\unins000.dat
- %PROGRAM_FILES%\Sum520\is-JLSVP.tmp
- %PROGRAM_FILES%\Sum520\is-T5HF9.tmp
- %TEMP%\is-OLF7A.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-FRL4T.tmp\is-GIOEN.tmp
- %TEMP%\is-OLF7A.tmp\InstallDll.dll
- %TEMP%\is-OLF7A.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\Sum520\is-HKE71.tmp в %PROGRAM_FILES%\Sum520\Install.tmp
- %PROGRAM_FILES%\Sum520\is-T5HF9.tmp в %PROGRAM_FILES%\Sum520\InstallDll.dll
- %PROGRAM_FILES%\Sum520\is-JLSVP.tmp в %PROGRAM_FILES%\Sum520\unins000.exe
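- '12#.#24.9.113':8022 (часть адреса, по-видимому, скрыта символами «#», поэтому как полный сетевой индикатор он непригоден)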
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''