Техническая информация
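Изменения в реестре — закрепление через автозапуск (значение 'AVAADA' в ключах Run для HKLM и HKCU):
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'AVAADA' = '%WINDIR%\AviraReborn.bat'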
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AVAADA' = '%WINDIR%\AviraReborn.bat'
Затрагиваемые файлы (в записи не указано, создаются они или изменяются):
- %WINDIR%\win.ini
- %WINDIR%\system.ini
- %TEMP%\cmd.bat
- <Текущая директория>\msg.vbs
- %WINDIR%\avirareborn.bat
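- nul (зарезервированное имя устройства Windows, а не файл на диске; вероятно, след перенаправления вывода — как самостоятельный индикатор не использовать)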
- C:\mail.vbs
Сетевая активность (часть доменного имени скрыта символами ####):
- DNS ASK yo####anidiot.org
Окна, фигурирующие в записи (класс и заголовок; вид обращения к ним не указан):
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- ClassName: 'Ghost' WindowName: ''
- ClassName: 'WMS ST Notif Class' WindowName: 'WMS ST Notif Window 00000FD0 00000FD4'
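Процессы и их командные строки (в том числе запись тех же значений Run через reg.exe и установка атрибутов «системный», «только чтение», «скрытый» для C:\AUTOEXEC.BAT):
- '<SYSTEM32>\wscript.exe' "<Текущая директория>\msg.vbs"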
- '<SYSTEM32>\wscript.exe' "C:\mail.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cmd.bat" "
- '<SYSTEM32>\notepad.exe'
- '%ProgramFiles%\mozilla firefox\firefox.exe' -osint -url "http://www.yo####anidiot.org/"
- '<SYSTEM32>\attrib.exe' +s +r +h C:\AUTOEXEC.BAT
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %WINDIR%\AviraReborn.bat /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %WINDIR%\AviraReborn.bat /f
- '%ProgramFiles%\microsoft office\office12\outlook.exe' -Embedding