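Техническая информация
Ниже перечислены артефакты, связанные с образцом: записи реестра и задание планировщика, относящиеся к автозапуску, выполняемые команды и затрагиваемые файлы. <HKLM>, <SYSTEM32>, <DRIVERS> и <Полный путь к вирусу> — условные обозначения куста реестра, системных каталогов и пути к самому образцу, а не буквальные значения.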
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Task Scheduler Engine' = '<SYSTEM32>\Setup\MsTask.exe'
- %WINDIR%\Tasks\Graphic card buffer refresher.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- <SYSTEM32>\attrib.exe +h +s +r e:\Thumbs.exe
- <SYSTEM32>\attrib.exe +h +s +r e:\autorun.inf
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\dllcache\Refresh.exe
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\dllcache\autorun.inf
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Task Scheduler Engine" /t REG_SZ /d <SYSTEM32>\Setup\MsTask.exe /f
- <SYSTEM32>\find.exe /i /c "pornolab.net" "<DRIVERS>\etc\hosts"
- <SYSTEM32>\attrib.exe -h -s -a -r "<DRIVERS>\etc\hosts"
- <SYSTEM32>\reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 2 /f
- <SYSTEM32>\schtasks.exe /Create /RU "System" /SC MINUTE /MO 1 /TN "Graphic card buffer refresher" /TR <SYSTEM32>\dllcache\Refresh.exe
- <SYSTEM32>\attrib.exe -h -s autorun.inf
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\Setup\MsTask.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\Thumbs.bat" "
- <SYSTEM32>\attrib.exe -h -s
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\Setup\autorun.inf
- <SYSTEM32>\attrib.exe -h -s <SYSTEM32>\Setup\MsTask.exe
- <SYSTEM32>\attrib.exe -h -s <SYSTEM32>\Setup\autorun.inf
- <SYSTEM32>\attrib.exe +h +s +r
- <SYSTEM32>\attrib.exe +h +s +r autorun.inf
- %TEMP%\1.tmp\Thumbs.bat
- <Полный путь к вирусу>