Техническая информация
Записи автозапуска в реестре (разделы Run в HKLM и HKCU, параметр 'winbase'):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winbase' = 'wscript.exe "%WINDIR%\OVVUIYGNSB.vbs" //B ru2'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winbase' = 'wscript.exe "%WINDIR%\OVVUIYGNSB.vbs" //B ru2'
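Командные строки запуска wscript.exe (ключ //B — пакетный режим без вывода сообщений и запросов; 'ru2' передаётся скрипту как аргумент):
- <SYSTEM32>\wscript.exe "%HOMEPATH%\tempe2vbs.vbs" //B ru2
- <SYSTEM32>\wscript.exe "<LS_APPDATA>\Temp\OVVUIYGNSB.vbs"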
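Пути файлов, затронутых при работе образца (заголовки подразделов в тексте не сохранились; повторяющиеся пути, вероятно, относятся к разным операциям — создание, удаление, перемещение):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\connect3[1]
- %HOMEPATH%\tempe2vbs.vbs
- <LS_APPDATA>\Temp\OVVUIYGNSB.vbs
- %WINDIR%\OVVUIYGNSB.vbs
- <LS_APPDATA>\Temp\OVVUIYGNSB.vbs
- %HOMEPATH%\tempe2vbs.vbs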
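Сетевая активность (соединения в формате 'узел':порт, запрашиваемый URL и DNS-запрос; часть символов в адресе скрыта знаками #):
- 'www.on####-siberia.com':80
- 'localhost':1034
- www.on####-siberia.com/connect3/?id############
- DNS ASK www.on####-siberia.com
- '<IP-адрес в локальной сети>':1035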
- ClassName: 'Indicator' WindowName: ''