Техническая информация
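Записи реестра, обеспечивающие автозапуск (в параметре 'UserInit' к штатному значению userinit.exe дописан путь к twain32.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'apocalyps32' = '%WINDIR%\twain32.exe'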
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%WINDIR%\twain32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YesFile' = '"%TEMP%\YesFile.exe "'
- %TEMP%\YesFile.exe
- %WINDIR%\twain32.exe
- %TEMP%\~imsinst.exe <Полный путь к вирусу>
- %TEMP%\serv_se.exe
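- %WINDIR%\Explorer.EXE (штатное расположение оболочки Windows; наличие этого файла само по себе не является признаком заражения)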
- %WINDIR%\twain32.exe
- %WINDIR%\inma06_88E6680F\ServerLogs\%USERNAME%\23-10-2012
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\yesfile[1]
- %TEMP%\~imsinst.tmp
- %TEMP%\~imsinst.exe
- %TEMP%\YesFile.exe
- %TEMP%\serv_se.exe
- %TEMP%\serv_se.exe
- %TEMP%\~imsinst.tmp
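Сетевые адреса и запросы (символы # в именах узлов, по-видимому, скрывают часть имени в самом источнике, поэтому для точного сопоставления эти строки непригодны; 'localhost' — локальное соединение, а не внешний адрес):
- 'el####l2.codns.com':1453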
- 'www.ye##ile.com':80
- 'localhost':1036
- www.ye##ile.com/
- DNS ASK el####l2.codns.com
- DNS ASK www.ye##ile.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''