Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Windows Services' = 'C:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] 'Windows Services' = 'C:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Windows Services' = 'C:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = 'C:\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = 'C:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = 'C:\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = 'C:\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Windows Services' = 'C:\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] 'Windows Services' = 'C:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'Windows Services' = 'C:\svchost.exe'
- hidden files
- C:\svchost.exe
- C:\check.new
- C:\svchost.exe
- <Full path to the virus>
- C:\check.new
- 'ir#.##.rizon.net':6667
- DNS ASK ir#.##.rizon.net
- ClassName: 'Indicator' WindowName: ''