Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- <SYSTEM32>\at.exe 15:03 <SYSTEM32>\cmd.exe /c del /F /Q "<Полный путь к вирусу>"
- <SYSTEM32>\at.exe 14:02 /every:M "<SYSTEM32>\PresenntationHost.exe"
- <SYSTEM32>\C_285597.NLS
- <SYSTEM32>\dpnnhupnp.dll
- <SYSTEM32>\c_0337.nls
- <SYSTEM32>\c_8865.nls
- <SYSTEM32>\c_285592.nls
- <SYSTEM32>\c_8666.nls
- <SYSTEM32>\1062\inf1062.dat
- <SYSTEM32>\PresenntationHost.exe
- <SYSTEM32>\ipsecssvc.dll
- %TEMP%\IXP000.TMP\image109
- %TEMP%\IXP000.TMP\SLF
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\inetdoc
- %TEMP%\IXP000.TMP\propgroups
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\DataProvider
- %TEMP%\IXP000.TMP\cvx5517
- %TEMP%\IXP000.TMP\inetdoc
- %TEMP%\IXP000.TMP\image109
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\cvx5517
- %TEMP%\IXP000.TMP\propgroups
- %TEMP%\IXP000.TMP\SLF
- %TEMP%\IXP000.TMP\DataProvider