Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\124.lnk (ярлык в папке автозагрузки пользователя)
- Блокирует запуск Диспетчера задач (Taskmgr)
- %TEMP%\RarSFX0\invisible.vbs
- %TEMP%\RarSFX0\Malware2.exe
- %TEMP%\RarSFX0\next1.bat
- %TEMP%\RarSFX0\next2.exe
- %TEMP%\RarSFX0\start.bat
- %TEMP%\RarSFX0\malware32.exe
- %HOMEPATH%\Desktop\2.lnk
- %TEMP%\RarSFX1\next1.bat
- %TEMP%\RarSFX1\next2.exe
- %TEMP%\RarSFX1\start.bat
- %TEMP%\RarSFX1\invisible.vbs
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\youareaidiot[1]
- %TEMP%\RarSFX0\invisible.vbs
- %TEMP%\RarSFX0\Malware2.exe
- 'localhost':1036
- 'yo####aidiot.org':80
- http://yo####aidiot.org/
- DNS ASK yo####aidiot.org
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '%TEMP%\RarSFX0\Malware2.exe'
- '%TEMP%\RarSFX0\malware32.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\start.bat" "
- '<SYSTEM32>\wscript.exe' "invisible.vbs" "next1.bat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\next1.bat" "
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX1\start.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX1\next1.bat" "
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 1 /f — политика Restrict_Run запрещает текущему пользователю запуск оснастки MMC с указанным CLSID