Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\2044441312] 'Name' = '%TEMP%\srvAF8.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvAF8] 'Start' = '00000002'
- <SYSTEM32>\spoolsv.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3WRXU3IX\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SYPN1VVG\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXPZ0GH5\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DDB61W94\desktop.ini
- %TEMP%\srvAF8.tmp
- %TEMP%\srvAF8.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SYPN1VVG\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXPZ0GH5\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3WRXU3IX\desktop.ini
- %TEMP%\srvAF8.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DDB61W94\desktop.ini
- from <Full path to the virus> to %TEMP%\1.tmp
- '<IP address on the local network>':80
- '19#.#4.112.138':80
- 'localhost':1147
- '<IP address on the local network>':445
- '<IP address on the local network>':139
- 19#.#4.112.138/X