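Техническая информация
Ниже по порядку перечислены: записи автозапуска в реестре (ключ Run), командная строка с параметрами, пути к файлам и ярлыкам, DNS-запросы, пары «адрес:порт» в локальной сети и класс окна.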
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Antivirus Protection' = '"%APPDATA%\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'oqn9upuvumo0' = '<Полный путь к вирусу>'
- %TEMP%\_1.tmpac7d.exe -p"09:03 AM" -y -o"%APPDATA%\Antivirus Protection"
- %HOMEPATH%\Desktop\Antivirus Protection.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection.lnk
- %APPDATA%\Antivirus Protection\securityhelper.exe
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection\Activate Antivirus Protection.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection\Antivirus Protection.lnk
- %APPDATA%\Antivirus Protection\IcoHelp.ico
- %APPDATA%\Antivirus Protection\IcoActivate.ico
- %TEMP%\_1.tmpac7d.exe
- %APPDATA%\Antivirus Protection\securitymanager.exe
- %APPDATA%\Antivirus Protection\AntivirusProtection2012.exe
- %APPDATA%\Antivirus Protection\IcoUninstall.ico
- DNS ASK 13######18.webtrust-soft.in
- DNS ASK 13######14.webtrust-soft.in
- '<IP-адрес в локальной сети>':1037
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''