Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\ZBSvc] 'Start' = '00000002'
- %ALLUSERSPROFILE%\realupdate.exe *<Full path to virus>
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\zbdll.dll
- %ALLUSERSPROFILE%\realupdate.exe
- <SYSTEM32>\zb.dll
- 'ha#.##avlman.com':80
- ha#.##avlman.com/173953
- ha#.##avlman.com/184890
- ha#.##avlman.com/195875
- ha#.##avlman.com/140375
- ha#.##avlman.com/151671
- ha#.##avlman.com/162750
- DNS ASK ha#.##avlman.com