Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'isrchro' = '%PROGRAM_FILES%\isrchro\sroup.exe'
- %PROGRAM_FILES%\isrchro\sroup.exe (downloaded from the Internet) <Full path to the virus>
- %PROGRAM_FILES%\isrchro\iemsr.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\iemsr[1].dll
- %PROGRAM_FILES%\isrchro\uninstall.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\inst_ok[1].asp
- %TEMP%\nsu2.tmp\nsRandom.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sroup[1].exe
- %TEMP%\nsu2.tmp\InetLoad.dll
- %PROGRAM_FILES%\isrchro\sroup.exe
- %PROGRAM_FILES%\isrchro\isrchro.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\isrchro[1].exe
- %TEMP%\nsu2.tmp\nsRandom.dll
- %TEMP%\nsu2.tmp\InetLoad.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\inst_ok[1].asp
- 'ap#.##rchro.co.kr':80
- ap#.##rchro.co.kr/newfile/iemsr.dll
- ap#.##rchro.co.kr/newapp/inst_ok.asp?ui########################################
- ap#.##rchro.co.kr/newfile/sroup.exe
- ap#.##rchro.co.kr/newfile/isrchro.exe
- DNS ASK ap#.##rchro.co.kr
- '<IP address on the local network>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''