Техническая информация
Вредоносные функции:
Создает и запускает на исполнение:
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mIRCTurk.exe
Запускает на исполнение:
- %WINDIR%\msagent\agentsvr.exe -Embedding
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\kick.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\nudge.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\online.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\cik.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\demet.mp3
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\flash.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\op.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas\ust.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas\yan.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\part.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas\orta.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\ao.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script3.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script4.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script5.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\remote.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script1.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script2.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script6.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\servers.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\settings.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\sounds\ac.wav
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script7.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script8.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\script9.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj-1\yan.jpg
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj2.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj-1\orta.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj-1\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj-1\ust.jpg
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\Uninstall.exe
- %HOMEPATH%\Desktop\MT-Global v2.2.lnk
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\Uninstall.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\WhileFix.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\WinAmpI.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj\yan.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce\yan.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray\orta.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce\orta.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce\ust.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj\orta.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj\ust.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray\ust.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray\yan.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray.gif
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\dlls\in_mp3.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\dlls\out_wave.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nadd.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\whoisrawlari.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\dll\nudge.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\dlls\amp_in.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nchat.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\network.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nexp.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nlist.icl
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\ncol.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\ndel.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nedit.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\titresim.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\banner.jpg
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\altug.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\ciprix.mrc
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\aliases.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\kaan.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\script1.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\script2.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\script3.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\kanalseslenme.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\mesgulmenu.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\data\ozelseslenme.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mdx\popups.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mdx\views.mdx
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mirc.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\yes.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\kayit.reg
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mdx\mdx.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mircstm.dll
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\notfiy.mrc
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\popups.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\ReadMe.txt
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mIRCTurk.exe
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\mtglobal.jpg
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\nlist.ini
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\users.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\notify.bmp
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\npro.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nquery.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nmenu.icl
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nnet.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\none.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nview.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\online.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\refresh.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nweb.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\nwhois.ico
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\offline.ico
Присваивает атрибут 'скрытый' для следующих файлов:
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\orj-1\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\galatasaray\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\icons\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\besiktas\Thumbs.db
- %PROGRAM_FILES%\mIRCTurk\mIRCTurk Global\tema\fenerbahce\Thumbs.db
Удаляет следующие файлы:
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
