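Техническая информация

Ниже перечислены артефакты разных типов: запись в реестре, командные строки запускаемых процессов, пути к файлам и классы окон; заголовки подразделов в этом фрагменте отсутствуют. Имена вида is-XXXXX.tmp, по-видимому, являются временными именами установщика и могут отличаться от запуска к запуску.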
- [<HKLM>\SOFTWARE\Classes\.ghi\shell\open\command] '' = 'rundll32.exe "%PROGRAM_FILES%\wisesoft\xec.cc" xxx '
- %TEMP%\is-436H1.tmp\is-CFTH5.tmp /SL4 $40036 "<Полный путь к вирусу>" 92570 52224
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\gen.nn" ggg
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\qtc.dll" unknown
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\idi.ii" gis
- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\wisesoft\xec.err"
- %PROGRAM_FILES%\wisesoft\is-77USN.tmp
- %PROGRAM_FILES%\wisesoft\is-J431H.tmp
- %PROGRAM_FILES%\wisesoft\is-SU5M0.tmp
- %PROGRAM_FILES%\wisesoft\is-E8AVJ.tmp
- %PROGRAM_FILES%\wisesoft\is-7V4D4.tmp
- %PROGRAM_FILES%\wisesoft\is-5JU9T.tmp
- %PROGRAM_FILES%\wisesoft\unins000.dat
- C:\csrss.dat
- %PROGRAM_FILES%\wisesoft\is-77U42.tmp
- %PROGRAM_FILES%\wisesoft\is-GBF4T.tmp
- %PROGRAM_FILES%\wisesoft\is-R3M27.tmp
- %TEMP%\is-VOI09.tmp\reg.gg
- %PROGRAM_FILES%\wisesoft\is-9IFUD.tmp
- %TEMP%\is-VOI09.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-436H1.tmp\is-CFTH5.tmp
- %TEMP%\is-VOI09.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\wisesoft\is-9G1H7.tmp
- %PROGRAM_FILES%\wisesoft\is-LPORF.tmp
- %PROGRAM_FILES%\wisesoft\is-ELOEQ.tmp
- %PROGRAM_FILES%\wisesoft\is-U6D9F.tmp
- %PROGRAM_FILES%\wisesoft\is-FJCSI.tmp
- %PROGRAM_FILES%\wisesoft\is-37ENG.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''