Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\1015.exe' — к штатному userinit.exe дописан %WINDIR%\1015.exe, что обеспечивает запуск вредоносного файла при каждом интерактивном входе пользователя в систему
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System' = '<SYSTEM32>\kernels88.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '%TEMP%\sna.exe' = '%TEMP%\sna.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\acpidisk] 'Start' = '00000002' — служба acpidisk переводится в режим автоматического запуска (SERVICE_AUTO_START); файл драйвера <DRIVERS>\acpidisk.sys указан ниже в списке файлов
- <Имя диска съемного носителя>:\Autorun.inf
- <Имя диска съемного носителя>:\dAVoF.exe (распространение через автозапуск съёмных носителей)
- Блокирует отображение скрытых файлов
- Блокирует запуск Диспетчера задач (Taskmgr)
- %TEMP%\dodolook221.exe
- %TEMP%\1015.exe
- %ALLUSERSPROFILE%\Templates\temp.exe
- %TEMP%\185.exe 7221
- %TEMP%\okads080.exe
- %TEMP%\bind_50218.exe
- %TEMP%\win32.exe
- %TEMP%\sna.exe
- %ALLUSERSPROFILE%\Templates\temp.exe (загружен из сети Интернет)
- <SYSTEM32>\ntvdm.exe -f -i4
- <SYSTEM32>\ntvdm.exe -f -i3
- <SYSTEM32>\ntvdm.exe -f -i6
- <SYSTEM32>\ntvdm.exe -f -i5
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://d.##ei.net/power.asp?Id########### 15
- <SYSTEM32>\netsh.exe firewall set allowedprogram '%TEMP%\win32.exe' enable — добавляет %TEMP%\win32.exe в исключения брандмауэра Windows, разрешая ему входящие соединения
- <SYSTEM32>\ntvdm.exe -f -i2
- <SYSTEM32>\ntvdm.exe -f -i1
- %TEMP%\6.dllb
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tool[1].jpg
- <SYSTEM32>\dlh9jkd1q5.exe
- <SYSTEM32>\dlh9jkd1q6.exe
- <SYSTEM32>\dlh9jkd1q7.exe
- %TEMP%\7.dllb
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\proxy[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\power[1].asp
- <SYSTEM32>\dlh9jkd1q1.exe
- %TEMP%\1.dllb
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\null[1].jpg
- %TEMP%\5.dllb
- <SYSTEM32>\dlh9jkd1q2.exe
- %TEMP%\2.dllb
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scsE.tmp
- <SYSTEM32>\vx.tll
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scsC.tmp
- %TEMP%\3.dllb
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adv114[1].php
- %WINDIR%\Temp\scsD.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\null[1].jpg
- %TEMP%\185.exe
- <SYSTEM32>\kernels88.exe
- <SYSTEM32>\wbem\sholl32.dll
- %TEMP%\nsi6.tmp\System.dll
- %ALLUSERSPROFILE%\Templates\temp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\barsetup[1]
- %TEMP%\DoSSSetup.dll
- %TEMP%\bind_50218.exe
- %TEMP%\win32.exe
- %TEMP%\nsp2.tmp
- %TEMP%\okads080.exe
- %TEMP%\dodolook221.exe
- %TEMP%\1015.exe
- %TEMP%\sna.exe
- %TEMP%\acpidisk.sys
- %TEMP%\4.dllb
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\adload[1].php
- <SYSTEM32>\sbvw.ll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\sdgferg3rge4rgerfgg[1].php
- %WINDIR%\spoollist.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\t15[1].txt
- <SYSTEM32>\dlh9jkd1q8.exe
- <SYSTEM32>\winlib .dll
- <DRIVERS>\acpidisk.sys
- %WINDIR%\saslogww.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\downurl[1].txt
- <SYSTEM32>\mprmsgse.axz
- %WINDIR%\1015.exe
- %WINDIR%\1015.exe
- <Имя диска съемного носителя>:\dAVoF.exe
- %WINDIR%\Temp\scsC.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adv114[1].php
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scsE.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scs10.tmp
- %TEMP%\185.exe
- %TEMP%\acpidisk.sys
- %TEMP%\DoSSSetup.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\barsetup[1]
- <SYSTEM32>\winlib .dll
- %TEMP%\nsi6.tmp\System.dll
- <SYSTEM32>\sbvw.ll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tool[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\power[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\proxy[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\adload[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\null[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\null[1].jpg
- 'localhost':1045
- 'pr###dtraf.biz':80
- 'd.##ei.net':80
- 'gs.###system.com':80
- 'localhost':1042
- 'se###2.tqzn.com':80
- 'localhost':1037
- 'localhost':1041
- 'up###.j7y.net':80
- d.##ei.net/power.asp?Id################
- pr###dtraf.biz/pic/null.jpg
- pr###dtraf.biz/pic/tool.jpg
- pr###dtraf.biz/sgfhergfjherfghejrgfvbdngg/adv114.php?ad####################################
- pr###dtraf.biz/pic/proxy.jpg
- d.##ei.net/list/t15.txt
- up###.j7y.net/upcfg/downurl.txt
- se###2.tqzn.com/barbindsoft/barsetup.exe?qu###########
- pr###dtraf.biz/adv/114/adload.php?a1############################################################################################################################################################################
- gs.###system.com/gs.php?12##########################################################################################################################################
- pr###dtraf.biz/sdgferg3rge4rgerfgg.php?ad###########################
- DNS ASK gs.###system.com
- DNS ASK d.##ei.net
- DNS ASK pr###dtraf.biz
- DNS ASK se###2.tqzn.com
- DNS ASK up###.j7y.net
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d84.d8c.3a0005'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d74.d78.390002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d9c.da0.3b0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-db4.dbc.3d0006'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-da4.db0.3c0002'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d68.d6c.380001'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''