Техническая информация
- [<HKLM>\SOFTWARE\Classes\.\Shell\open\command] '' = '"Rundll32.exe" "blue.bmp" Resetrun'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\sobaidu
- %WINDIR%\bibibei.exe /S
- <SYSTEM32>\rundll32.exe "%WINDIR%\sback.db" backdb
- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\newname\sControl.desc"
- %WINDIR%\sback.db
- %WINDIR%\sobaidu
- %WINDIR%\rd.txt
- %WINDIR%\blue.bmp
- %WINDIR%\Config.ini
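- %PROGRAM_FILES%\±И±ИЯВ\bibibei.ico (имя каталога «±И±ИЯВ» — это байты кодировки GBK, отображённые в Windows-1251; в китайской локали то же имя выглядит как «比比呗», поэтому при поиске следует проверять оба варианта)
- %PROGRAM_FILES%\±И±ИЯВ\Р¶ФШ.exe (в GBK: 比比呗\卸载.exe)
- %PROGRAM_FILES%\±И±ИЯВ\±И±ИЯВ№Щ·ЅНшХѕ.url (в GBK: 比比呗\比比呗官方网站.url)
- %PROGRAM_FILES%\±И±ИЯВ\bibibei.dll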
- %TEMP%\nsr2.tmp\System.dll
- %WINDIR%\bibibei.exe
- %TEMP%\is-MILKU.tmp\InstallDll.dll
- %PROGRAM_FILES%\newname\is-DCEPD.tmp
- %TEMP%\is-MILKU.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-VA76T.tmp\<Имя вируса>.tmp
- %TEMP%\is-MILKU.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\newname\unins000.dat
- %WINDIR%\Install.tmp
- %PROGRAM_FILES%\newname\is-NS9M2.tmp
- %PROGRAM_FILES%\newname\is-HIIR1.tmp
- %PROGRAM_FILES%\newname\is-6UERA.tmp
- %TEMP%\is-VA76T.tmp\<Имя вируса>.tmp
- %TEMP%\nsr2.tmp\System.dll
- %TEMP%\is-MILKU.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-MILKU.tmp\InstallDll.dll
- %TEMP%\is-MILKU.tmp\_isetup\_RegDLL.tmp
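- '22#.#3.36.68':8080 (символы «#» заменяют скрытые цифры адреса; запись не является полным IP-адресом и не годится для точного сопоставления)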
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''