Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmona' = '<SYSTEM32>\ctfmona.exe'
- %TEMP%\.tt2.tmp
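- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\05607935-08d5-4a47-88a5-b174ba6f97c0[1].fail (файл в кэше Internet Explorer; имя подкаталога внутри Content.IE5 генерируется случайно и на других системах будет иным)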
- %TEMP%\.tt3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\05607935-08d5-4a47-88a5-b174ba6f97c0[1].md5
- <SYSTEM32>\cjmpojilcjmpgr.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\05607935-08d5-4a47-88a5-b174ba6f97c0[1].exe
- %TEMP%\.tt1.tmp
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- Файл вируса: из <Полный путь к вирусу> в <SYSTEM32>\ctfmona.exe (тот же путь указан в значении 'ctfmona' ключа Run выше)
- '20#.#61.200.42':80 (адрес узла и порт; символы '#' в адресе, по-видимому, маскируют часть цифр)
- 20#.#61.200.42/notifier/168/05607935-08d5-4a47-88a5-b174ba6f97c0.fail
- 20#.#61.200.42/notifier/168/05607935-08d5-4a47-88a5-b174ba6f97c0.md5
- 20#.#61.200.42/notifier/168/05607935-08d5-4a47-88a5-b174ba6f97c0.exe
- ClassName: 'SysListView32' WindowName: ''