Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ias] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\KB08116078.dll,x" #"%PROGRAM_FILES%\KB08116078.dll##1#1#Windows" COM+ and Microsoft .NET Integration with SOAP##rgvAyxvG3aa=#Microsoft .Net Framework COM+ Support#yQ7/1A3N0g-Lnd2ImNmMm8TJ2A2UodaKmaa=#<Полный путь к вирусу>
- <SYSTEM32>\cmd.exe /c """%TEMP%\setup129218.bat"" "
- %CommonProgramFiles%\System\lhyfibkbv.fqq
- %TEMP%\setup129218.bat
- %PROGRAM_FILES%\KB08116078.dll
- %PROGRAM_FILES%\KB08116078.dll
- 'localhost':1044
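- '23#.#55.255.250':1900 (символы '#' в адресе, по-видимому, маскировка в источнике; в таком виде строка не является буквальным адресом для сопоставления)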
- ClassName: 'Shell_TrayWnd' WindowName: ''