Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wininf' = '%WINDIR%\decoder.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (значение 2 — автоматический запуск службы Telnet при загрузке системы)
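- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\SharedAccess" /f /v Start /t REG_DWORD /d "4" (значение 4 — служба отключена; SharedAccess в Windows XP — служба «Брандмауэр Windows/Общий доступ к Интернету (ICS)»)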
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr" /f /v Start /t REG_DWORD /d "2"
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\TlntSvr" /f /v Start /t REG_DWORD /d "2"
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /f /v Start /t REG_DWORD /d "4"
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wininf" /t REG_SZ /d "%WINDIR%\decoder.exe" /f
- <SYSTEM32>\ping.exe -n 1 ev.xclan.ru
- <SYSTEM32>\find.exe /I "TTL="
- %WINDIR%\<Имя вируса>.exe
- %TEMP%\2831.bat
- %TEMP%\2831.bat
- DNS ASK ev.#clan.ru (символ «#», по-видимому, маскирует часть имени домена; ср. ev.xclan.ru в команде ping выше)
- '<IP-адрес в локальной сети>':1036