Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft windows sytems' = '%PROGRAM_FILES%\systems.exe' (имя параметра приведено как в источнике, с написанием «sytems»)
- %WINDIR%\Tasks\At1.job
- %WINDIR%\systems.lnk
- '%WINDIR%\BaiduPinyinSetup_2.13.3.00_sw-0000091168.exe'
- '%WINDIR%\systems.exe'
- '%WINDIR%\BaiduPinyinSetup_2.13.3.00_sw-0000091168.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %WINDIR%\4934.ini
- %WINDIR%\BaiduPinyinSetup_2.13.3.00_sw-0000091168.exe
- %WINDIR%\systems.exe
- %WINDIR%\systems.lnk
- <Полный путь к вирусу>
- %WINDIR%\systems.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- '12#.#25.114.144':80 (символы «#» здесь и ниже, по-видимому, скрывают часть адреса)
- 'do####ad.58611.net':8181
- http://dl##.#r.baidu.com/ditui/zujian/BaiduPinyinSetup_2.13.3.00_sw-0000091168.exe via 12#.#25.114.144
- DNS ASK dl##.#r.baidu.com
- DNS ASK do####ad.58611.net
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''