Техническая информация
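- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskhost.exe' = '%TEMP%\..\taskhost.exe' (запись автозапуска в ветке Run текущего пользователя; путь ведёт в каталог уровнем выше %TEMP% — по-видимому, это тот же файл, что %HOMEPATH%\Local Settings\taskhost.exe из списка ниже)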
- Центр обеспечения безопасности (Security Center) — служба wscsvc; её остановке соответствуют команды net.exe / net1.exe stop wscsvc из списка ниже
- %HOMEPATH%\Local Settings\<Имя вируса>.exe
- <SYSTEM32>\net1.exe stop wscsvc
- <SYSTEM32>\netsh.exe firewall set opmode disable (отключает брандмауэр Windows)
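- <SYSTEM32>\ftp.exe -s:"%TEMP%\ftp.txt" (ftp.exe выполняет команды из файла-сценария %TEMP%\ftp.txt, который указан ниже среди создаваемых файлов)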
- <SYSTEM32>\net.exe stop wscsvc
- <SYSTEM32>\Macromed\Flash\install.log
- %TEMP%\nsk3.tmp\System.dll
- %TEMP%\nsk3.tmp\NSISArray.dll
- %TEMP%\nsk3.tmp\InstallOptions.dll
- %TEMP%\nsk3.tmp\nsProcess.dll
- %TEMP%\nsd2.tmp
- %HOMEPATH%\Local Settings\<Имя вируса>.exe
- %HOMEPATH%\Local Settings\taskhost.exe
- %TEMP%\nsk3.tmp\browser_listing.ini
- %TEMP%\ftp.txt
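- '21#.#7.225.60':21 (адрес частично скрыт в источнике; порт 21 — FTP, что согласуется с запуском ftp.exe со сценарием ftp.txt)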
- 'localhost':1037
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '17A30E37-6DA8-466c-AC6F-B18C3C7BFE04' WindowName: ''