Техническая информация
Командные строки процессов (символы # в адресах — маскировка, присутствующая в исходном тексте):
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyEnable" /t reg_dword /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyServer" /t REG_SZ /d 192.168.1.200:808 /f
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' "http://www.23##.com/?k6####"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2848OUM0.bat" <Полный путь к вирусу>"
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d http://www.23##.com/?k6#### /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t REG_SZ /d http://www.23##.com/?k6#### /f
Значения параметров реестра:
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = '192.168.1.200:808'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
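Файлы (одна и та же строка приведена трижды; заголовки подразделов, по которым различались операции с файлом, в тексте не сохранились):
- %TEMP%\2848OUM0.bat
- %TEMP%\2848OUM0.bat
- %TEMP%\2848OUM0.bat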
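Сетевые адреса (хост:порт); первый, по-видимому, соответствует прокси 192.168.1.200:808 из параметра ProxyServer выше — это адрес из частного диапазона, поэтому вне исходной локальной сети он мало пригоден как сетевой индикатор:
- '<L####NET>.1.200':808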
- 'localhost':1036
Окна (имя класса и заголовок):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''