Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\1dc9d] 'Name' = '%TEMP%\1.tmp'
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spoolsv.exe
- %TEMP%\Temporary Internet Files\Content.IE5\C96F2141\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\GXRON3E4\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\SPEJOTY3\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\XQIM16LS\desktop.ini
- %ALLUSERSPROFILE%\Application Data\defender
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Desktop\Malware Protection.lnk
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\SPEJOTY3\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\XQIM16LS\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\GXRON3E4\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\C96F2141\desktop.ini
- from <Full path to the virus> to %TEMP%\2.tmp
- 'do####ad4clean.com':80
- do####ad4clean.com/404.php?id###
- DNS ASK do####ad4clean.com
- '<IP address on the local network>':1036