Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysdriver32_.exe' = '"%WINDIR%\sysdriver32_.exe" rezerv'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysdriver32.exe' = '"%WINDIR%\sysdriver32.exe" rezerv'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '"<Полный путь к вирусу>"'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvsysdriver32] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\taskkill.exe /F /IM (аргумент /IM — имя завершаемого процесса — в этой строке отсутствует)
- <SYSTEM32>\sc.exe create "srvsysdriver32" binpath= "%WINDIR%\sysdriver32.exe srv" start= "auto"
- <SYSTEM32>\sc.exe delete "srvsysdriver32"
- <SYSTEM32>\net.exe stop "srvsysdriver32"
- <SYSTEM32>\net1.exe stop "srvsysdriver32"
- %WINDIR%\sysdriver32.exe
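- 'su####arsinfo.net':80 (символы # заменяют скрытую часть имени узла; индикатор подходит только для сопоставления по шаблону)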
- su####arsinfo.net/l_distrib/knock_test_start.php?ve########################
- DNS ASK su####arsinfo.net
- '<IP-адрес в локальной сети>':1035