Техническая информация
- Автозапуск — запись в ключе реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ActiveSync' = '%PROGRAM_FILES%\ActiveSync\ActiveSync.exe'
- %PROGRAM_FILES%\ActiveSync\ActiveSync.exe
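- Запуск процесса: %TEMP%\is-4DOOO.tmp\<Имя вируса>.tmp /SL5="$40036,132175,52224,<Полный путь к вирусу>" (параметр /SL5 и каталог _isetup характерны для установщика Inno Setup; имена вида is-*.tmp, по-видимому, генерируются случайно при каждом запуске и как индикаторы ненадёжны)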
- Принудительное завершение процесса ActiveSync.exe вместе с дочерними процессами: <SYSTEM32>\taskkill.exe /f /t /im ActiveSync.exe
- %PROGRAM_FILES%\ActiveSync\is-N7AJA.tmp
- %PROGRAM_FILES%\ActiveSync\is-TJVU6.tmp
- %PROGRAM_FILES%\ActiveSync\is-96IJU.tmp
- %TEMP%\is-3A3OP.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-4DOOO.tmp\<Имя вируса>.tmp
- %TEMP%\is-3A3OP.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-3A3OP.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-3A3OP.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-4DOOO.tmp\<Имя вируса>.tmp
- %TEMP%\is-3A3OP.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-3A3OP.tmp\_isetup\_RegDLL.tmp
- Сетевое соединение (узел:порт): 'un###.vv762.com':88
- DNS ASK un###.vv762.com
- '<IP-адрес в локальной сети>':1035
- ClassName: 'XWnd' WindowName: 'MDI'
- ClassName: 'Shell Embedding' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''