Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'updateL658' = '%TEMP%\regsvcjvp.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\newinvs.vbs" "%TEMP%\againanwshit.bat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\againanwshit.bat" "
- '<SYSTEM32>\cmd.exe' copy "%TEMP%\tmp.exe" "%TEMP%\regsvcjvp.exe" /V
- '<SYSTEM32>\cmd.exe' del "%TEMP%\tmp.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ru3211.bat" "
- '%TEMP%\tmp.exe'
- '<SYSTEM32>\msiexec.exe'
- <SYSTEM32>\msiexec.exe
- %WINDIR%\Explorer.EXE
- pidgin.exe
- ICQ.exe
- skype.exe
- YahooMessenger.exe
- trillian.exe
- firefox.exe
- chrome.exe
- iexplore.exe
- safari.exe
- opera.exe
- %TEMP%\tmp.exe
- %TEMP%\regsvcjvp.exe
- %APPDATA%\2-O2P508\2-Ologim.jpeg
- %TEMP%\ru3211.bat
- %TEMP%\againanwshit.bat
- %TEMP%\newrunn-.txt
- %TEMP%\newinvs.vbs
- %TEMP%\regsvcjvp.exe
- %TEMP%\newinvs.vbs
- %TEMP%\againanwshit.bat
- %TEMP%\tmp.exe