Техническая информация
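- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SwUpdate' = '{003541A1-3BC0-1B1C-AAF3-040114001C01}' — механизм автозапуска: COM-объекты, перечисленные в этом ключе, загружаются оболочкой Windows (Explorer) при её запуске; при проверке системы значения ключа следует сверять со штатными.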
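- <SYSTEM32>\netsh.exe firewall add allowedprogram program = "<SYSTEM32>\lsass.exe" name = "LSA Shell" mode = ENABLE scope = ALL profile = ALL — добавляет lsass.exe в список разрешённых программ брандмауэра Windows для всех профилей и любых адресов (scope = ALL).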
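- <SYSTEM32>\netsh.exe firewall add allowedprogram program = "<Полный путь к вирусу>" name = "Application Layer Gateway Service" mode = ENABLE scope = ALL profile = ALL — добавляет в разрешённые программы брандмауэра сам вредоносный файл; имя исключения совпадает с названием штатной службы Windows, поэтому исключения брандмауэра следует проверять по пути к программе, а не по имени.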
- %WINDIR%\Explorer.EXE
- %ALLUSERSPROFILE%\Application Data\Macromedia\swfupdate\Ui.dtd
- %ALLUSERSPROFILE%\Application Data\Macromedia\swfupdate\LocalsSettings.dtd
- %ALLUSERSPROFILE%\Application Data\Macromedia\swfupdate\USTemp.dtd
- %ALLUSERSPROFILE%\Application Data\Macromedia\swfupdate\swfupdate.dll
- %ALLUSERSPROFILE%\Application Data\Macromedia\swfupdate\USTemp.dtd