Техническая информация
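Изменения в реестре (команда открытия для расширения .ghi указывает на запуск файла из каталога wisesoft через rundll32.exe):
- [<HKLM>\SOFTWARE\Classes\.ghi\shell\open\command] '' = 'rundll32.exe "%PROGRAM_FILES%\wisesoft\xec.cc" xxx '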
Запускаемые процессы (командные строки):
- %TEMP%\is-C6UHF.tmp\is-VIIE3.tmp /SL4 $40036 "<Полный путь к вирусу>" 97745 52224
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE Explorer\iexplore.exe http://12#.##4.9.113:8022/Insertbz.aspx?mc###############################
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\uid.dd" uuu
- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\wisesoft\xec.err"
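Файлы, затронутые в файловой системе (тип операции — создание, изменение или удаление — на странице не указан):
- %PROGRAM_FILES%\wisesoft\is-AGN2Q.tmp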
- %PROGRAM_FILES%\wisesoft\is-QC0TP.tmp
- %PROGRAM_FILES%\wisesoft\is-NJMPS.tmp
- %PROGRAM_FILES%\wisesoft\is-H0620.tmp
- %PROGRAM_FILES%\wisesoft\is-SQDPU.tmp
- %PROGRAM_FILES%\wisesoft\is-6B71B.tmp
- %PROGRAM_FILES%\wisesoft\unins000.dat
- %PROGRAM_FILES%\wisesoft\is-2VM1B.tmp
- %PROGRAM_FILES%\wisesoft\is-QU4BS.tmp
- %PROGRAM_FILES%\wisesoft\is-1NOMJ.tmp
- %PROGRAM_FILES%\wisesoft\is-J5TS8.tmp
- %TEMP%\is-2E0G0.tmp\reg.gg
- %PROGRAM_FILES%\wisesoft\is-NH4UN.tmp
- %TEMP%\is-2E0G0.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-C6UHF.tmp\is-VIIE3.tmp
- %TEMP%\is-2E0G0.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\wisesoft\is-TR347.tmp
- %PROGRAM_FILES%\wisesoft\is-3UVE2.tmp
- %PROGRAM_FILES%\wisesoft\is-0U4UT.tmp
- %PROGRAM_FILES%\wisesoft\is-CK1BH.tmp
- %PROGRAM_FILES%\wisesoft\is-DDLRT.tmp
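Окна, указанные в отчёте (имя класса и заголовок окна; предположительно образец выполняет их поиск):
- ClassName: 'RegEdit_RegEdit' WindowName: ''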
- ClassName: 'Shell_TrayWnd' WindowName: ''