Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\dtqnibvqjglxbkppdkevr.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = '%TEMP%\aldvlzoeskkrquup.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = 'qdxrjzqiysudekmjuy.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'odzvphaumimxaimlyexn.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'dtqnibvqjglxbkppdkevr.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'afrdnveowi' = 'qdxrjzqiysudekmjuy.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sznbnxiuesor' = '%TEMP%\dtqnibvqjglxbkppdkevr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\htmfwlbshabjjoplv.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\aldvlzoeskkrquup.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = '%TEMP%\htmfwlbshabjjoplv.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'bpkfypharmpzbiljvas.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qtdnvbiq' = 'bpkfypharmpzbiljvas.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'odzvphaumimxaimlyexn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'vbobmvfqzmh' = '%TEMP%\dtqnibvqjglxbkppdkevr.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\odzvphaumimxaimlyexn.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\qdxrjzqiysudekmjuy.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = '%TEMP%\bpkfypharmpzbiljvas.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'qdxrjzqiysudekmjuy.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'vbobmvfqzmh' = '%TEMP%\aldvlzoeskkrquup.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\bpkfypharmpzbiljvas.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = '%TEMP%\qdxrjzqiysudekmjuy.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = 'odzvphaumimxaimlyexn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sznbnxiuesor' = '%TEMP%\aldvlzoeskkrquup.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\bpkfypharmpzbiljvas.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'vbobmvfqzmh' = '%TEMP%\odzvphaumimxaimlyexn.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sznbnxiuesor' = '%TEMP%\qdxrjzqiysudekmjuy.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'qdxrjzqiysudekmjuy.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = 'aldvlzoeskkrquup.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'dtqnibvqjglxbkppdkevr.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qtdnvbiq' = 'htmfwlbshabjjoplv.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'bpkfypharmpzbiljvas.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'afrdnveowi' = 'bpkfypharmpzbiljvas.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sznbnxiuesor' = '%TEMP%\odzvphaumimxaimlyexn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'vbobmvfqzmh' = '%TEMP%\qdxrjzqiysudekmjuy.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\dtqnibvqjglxbkppdkevr.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\odzvphaumimxaimlyexn.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = '%TEMP%\dtqnibvqjglxbkppdkevr.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = 'bpkfypharmpzbiljvas.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'htmfwlbshabjjoplv.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qtdnvbiq' = 'qdxrjzqiysudekmjuy.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'aldvlzoeskkrquup.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'afrdnveowi' = 'aldvlzoeskkrquup.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sznbnxiuesor' = '%TEMP%\bpkfypharmpzbiljvas.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'vbobmvfqzmh' = '%TEMP%\htmfwlbshabjjoplv.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\aldvlzoeskkrquup.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'opxflp' = '%TEMP%\htmfwlbshabjjoplv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bdmvchn' = 'aldvlzoeskkrquup.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qtdnvbiq' = 'aldvlzoeskkrquup.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qtdnvbiq' = 'odzvphaumimxaimlyexn.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hlwhqxfov' = 'htmfwlbshabjjoplv.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'afrdnveowi' = 'odzvphaumimxaimlyexn.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ddkrw' = '%TEMP%\qdxrjzqiysudekmjuy.exe'
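- Затронутые системные функции (заголовок этого списка в источнике утрачен; по-видимому, программа блокирует их отображение или запуск):
- скрытых файлов
- Редактора реестра (RegEdit)
- Средство контроля пользовательских учетных записей (UAC)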
- %TEMP%\bdxwrhliszl.exe
- <LS_APPDATA>\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %ProgramFiles%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- <SYSTEM32>\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %TEMP%\ezbddbaayakbkyingsrnom.zbd
- %WINDIR%\ezbddbaayakbkyingsrnom.zbd
- <LS_APPDATA>\ezbddbaayakbkyingsrnom.zbd
- %ProgramFiles%\ezbddbaayakbkyingsrnom.zbd
- <SYSTEM32>\ezbddbaayakbkyingsrnom.zbd
- %TEMP%\ddkrw.exe
- %TEMP%\uljhdxsoigmzeouvksnfcw.exe
- %TEMP%\dtqnibvqjglxbkppdkevr.exe
- %TEMP%\odzvphaumimxaimlyexn.exe
- %TEMP%\bpkfypharmpzbiljvas.exe
- %TEMP%\qdxrjzqiysudekmjuy.exe
- %WINDIR%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %TEMP%\htmfwlbshabjjoplv.exe
- %WINDIR%\uljhdxsoigmzeouvksnfcw.exe
- %WINDIR%\dtqnibvqjglxbkppdkevr.exe
- %WINDIR%\odzvphaumimxaimlyexn.exe
- %WINDIR%\bpkfypharmpzbiljvas.exe
- %WINDIR%\qdxrjzqiysudekmjuy.exe
- %WINDIR%\htmfwlbshabjjoplv.exe
- %WINDIR%\aldvlzoeskkrquup.exe
- <SYSTEM32>\uljhdxsoigmzeouvksnfcw.exe
- <SYSTEM32>\dtqnibvqjglxbkppdkevr.exe
- <SYSTEM32>\odzvphaumimxaimlyexn.exe
- <SYSTEM32>\bpkfypharmpzbiljvas.exe
- <SYSTEM32>\qdxrjzqiysudekmjuy.exe
- <SYSTEM32>\htmfwlbshabjjoplv.exe
- <SYSTEM32>\aldvlzoeskkrquup.exe
- %TEMP%\aldvlzoeskkrquup.exe
- %TEMP%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- <SYSTEM32>\aldvlzoeskkrquup.exe
- <LS_APPDATA>\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %ProgramFiles%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- <SYSTEM32>\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %TEMP%\ezbddbaayakbkyingsrnom.zbd
- %WINDIR%\ezbddbaayakbkyingsrnom.zbd
- <LS_APPDATA>\ezbddbaayakbkyingsrnom.zbd
- %ProgramFiles%\ezbddbaayakbkyingsrnom.zbd
- <SYSTEM32>\ezbddbaayakbkyingsrnom.zbd
- %TEMP%\uljhdxsoigmzeouvksnfcw.exe
- %TEMP%\dtqnibvqjglxbkppdkevr.exe
- %TEMP%\odzvphaumimxaimlyexn.exe
- %TEMP%\bpkfypharmpzbiljvas.exe
- %TEMP%\qdxrjzqiysudekmjuy.exe
- %WINDIR%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- %TEMP%\htmfwlbshabjjoplv.exe
- %WINDIR%\uljhdxsoigmzeouvksnfcw.exe
- %WINDIR%\dtqnibvqjglxbkppdkevr.exe
- %WINDIR%\odzvphaumimxaimlyexn.exe
- %WINDIR%\bpkfypharmpzbiljvas.exe
- %WINDIR%\qdxrjzqiysudekmjuy.exe
- %WINDIR%\htmfwlbshabjjoplv.exe
- %WINDIR%\aldvlzoeskkrquup.exe
- <SYSTEM32>\uljhdxsoigmzeouvksnfcw.exe
- <SYSTEM32>\dtqnibvqjglxbkppdkevr.exe
- <SYSTEM32>\odzvphaumimxaimlyexn.exe
- <SYSTEM32>\bpkfypharmpzbiljvas.exe
- <SYSTEM32>\qdxrjzqiysudekmjuy.exe
- <SYSTEM32>\htmfwlbshabjjoplv.exe
- %TEMP%\aldvlzoeskkrquup.exe
- %TEMP%\vbobmvfqzmhjdcxnroyfradjwjudnyhup.lkf
- DNS ASK wh###smyip.com
- DNS ASK sh####ipaddress.com
- '%TEMP%\bdxwrhliszl.exe' "<Полный путь к файлу>*"
- '%TEMP%\ddkrw.exe' "-%TEMP%\aldvlzoeskkrquup.exe"