Техническая информация
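- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%ALLUSERSPROFILE%\Application Data\Assistant\assist~1.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
  (Пояснение: при 'LoadAppInit_DLLs' = 1 библиотека, указанная в 'AppInit_DLLs', загружается в каждый процесс, который загружает user32.dll, поэтому при проверке системы следует смотреть оба значения. В Windows 8 и новее при включённой безопасной загрузке (Secure Boot) этот механизм отключён. Имя 'assist~1.dll', по-видимому, является коротким (8.3) именем одного из файлов каталога Assistant, перечисленных ниже; на странице это прямо не указано.)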
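- [<HKLM>\SYSTEM\ControlSet001\Services\e64a4d03] 'Start' = '00000002'
  (Пояснение: значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы.)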
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Assistant\AssistantSvc.dll",service
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Assistant\AssistantSvc.dll",service -install
- chrome.exe
- firefox.exe
- iexplore.exe
- %ALLUSERSPROFILE%\Application Data\Assistant\AssistantSvc.dll
- %TEMP%\tf00294823.dll
- %ALLUSERSPROFILE%\Application Data\Assistant\Assistant.dll
- <Полный путь к вирусу>
- %TEMP%\tf00294823.dll
- 'sk###obar.info':80
- DNS ASK sk###obar.info