Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\3711380792] 'Name' = '%TEMP%\srvB14.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvB14\parameters] 'servicedll' = '\\?\globalrootC:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\srvB14.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvB14] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvB14] 'Start' = '00000002'
- '%TEMP%\3.tmp' (downloaded from the Internet)
- '%TEMP%\3.tmp'
- <SYSTEM32>\spoolsv.exe
- %TEMP%\3.tmp
- %TEMP%\srvB14.ini
- %TEMP%\srvB14.tmp
- %TEMP%\srvB14.tmp
- from <Full path to virus> to %TEMP%\1.tmp
- '18#.#38.48.178':80
- http://18#.#38.48.178/service/listener.php?af#####
- http://18#.#38.48.178/service/scripts/files/aff_0.dll
- http://18#.#38.48.178/service/listener.php?af#########
- http://18#.#38.48.178//srv