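Техническая информация
Примечание: символы «#» в IP-адресах и в строке запроса ниже, по-видимому, являются маскировкой, поэтому эти значения не годятся как точные индикаторы для сопоставления. Подзаголовки групп списка (запускаемые процессы, файлы, сетевые соединения) в этой копии отсутствуют; повторы одних и тех же путей, вероятно, относятся к разным группам.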
- <SYSTEM32>\attrib.exe -a -r -s -h "<Полный путь к вирусу>"
- <SYSTEM32>\cmd.exe /c %TEMP%\239fe3.bat
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\MSICRD\wmshlp.dll" IAStorIconEntry 3
- %TEMP%\uirvgn.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logon[1].php
- %TEMP%\ficok.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1]
- %ALLUSERSPROFILE%\Application Data\MSICRD\wmshlp.dll
- %ALLUSERSPROFILE%\Application Data\MSICRD\RCX1.tmp
- %TEMP%\239fe3.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logon[1].php
- %ALLUSERSPROFILE%\Application Data\MSICRD\wmshlp.dll
- '20#.#2.80.89':80
- '74.##5.232.51':80
- 'localhost':1035
- 20#.#2.80.89/download/logon.php?ah######################################################################
- 74.##5.232.51/
- DNS ASK www.google.com