Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\winimm32.exe'
- %WINDIR%\Tasks\ahnsvr.dat
- %WINDIR%\Tasks\ntfsny.dat
- %WINDIR%\Tasks\midisappe.dat
- [<HKLM>\SYSTEM\ControlSet001\Services\ntfsny] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ahnsvr] 'Start' = '00000002'
- %WINDIR%\Explorer.EXE
- NtQuerySystemInformation, драйвер-обработчик: unknown
- NtSetInformationFile, драйвер-обработчик: unknown
- NtQueryDirectoryFile, драйвер-обработчик: unknown
- NtEnumerateKey, драйвер-обработчик: unknown
- NtEnumerateValueKey, драйвер-обработчик: unknown
- <DRIVERS>\ntfsny.sys
- <DRIVERS>\ahnsvr.sys
- %WINDIR%\ver.dat
- %WINDIR%\windowswalls.bmp
- <SYSTEM32>\midisappe.dll
- %WINDIR%\midisappe.dll
- <DRIVERS>\ahnsvr.sys
- <SYSTEM32>\midisappe.dll
- <DRIVERS>\ntfsny.sys
- %WINDIR%\windowswalls.bmp
- %WINDIR%\Tasks\midisappe.dat
- ClassName: 'VcSpiderClass' WindowName: 'VcSpiderClass'