Техническая информация
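- %WINDIR%\Tasks\scvhost.exe (имя файла имитирует системный svchost.exe; легитимный svchost.exe расположен в <SYSTEM32>, а не в %WINDIR%\Tasks)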
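- [<HKLM>\SYSTEM\ControlSet001\Services\RpcScs] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcScs] 'ImagePath' = '%WINDIR%\Tasks\scvhost.exe' (имя службы RpcScs похоже на имя системной службы RpcSs)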
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\w_downloads[1].exe
- %WINDIR%\Temp\120546.exe
- <Полный путь к файлу>
- 'f4###.7h4uk.com':80
- 'localhost':1038
- 'd4##.7h4uk.com':80
- http://d4##.7h4uk.com/w_downloads.exe
- DNS ASK f4###.7h4uk.com
- DNS ASK d4##.7h4uk.com
- '%WINDIR%\Tasks\scvhost.exe'
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к файлу> > nul