Техническая информация
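- [<HKLM>\System\CurrentControlSet\Services\ByteFireWall] 'ImagePath' = 'C:\byteFirewall.dat' (параметр реестра службы «ByteFireWall»; ImagePath задаёт исполняемый образ службы и здесь указывает на файл с расширением .dat в корне диска C:)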
- %TEMP%\1dfa.tmp\lk_bv.bat
- %TEMP%\1dfa.tmp\lk_bv.exe
- %TEMP%\1dfa.tmp\smss.exe
- %TEMP%\1dfa.tmp\svchest.exe
- C:\bytefirewall.dat
- %WINDIR%\temp\udd2954.tmp
- %TEMP%\f30.tmp\vb.bat
- %TEMP%\f30.tmp\suspendthread.pdb
- %TEMP%\f30.tmp\svchest.exe
- %TEMP%\f30.tmp\config.ini
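- %WINDIR%\temp\udd2954.tmp (с этой строки те же пути перечислены повторно, кроме C:\bytefirewall.dat; заголовок, поясняющий, какое действие над файлами здесь описано, на странице отсутствует)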
- %TEMP%\1dfa.tmp\lk_bv.exe
- %TEMP%\1dfa.tmp\smss.exe
- %TEMP%\1dfa.tmp\svchest.exe
- %TEMP%\1dfa.tmp\lk_bv.bat
- %TEMP%\f30.tmp\suspendthread.pdb
- %TEMP%\f30.tmp\svchest.exe
- %TEMP%\f30.tmp\vb.bat
- %TEMP%\f30.tmp\config.ini
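- DNS ASK wj.####er.oldlist.info (DNS-запрос; символы «#» заменяют часть имени, скрытую на самой странице)
- DNS ASK wj.####er.boxlist.info (DNS-запрос; часть имени скрыта так же)
- '3.#.3.3':6087 (адрес и порт; один октет адреса также скрыт символом «#»)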
- '%TEMP%\1dfa.tmp\lk_bv.exe'
- '%TEMP%\1dfa.tmp\smss.exe'
- '%TEMP%\1dfa.tmp\svchest.exe'
- '%TEMP%\f30.tmp\svchest.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1DFA.tmp\lk_bv.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\F30.tmp\vb.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1DFA.tmp\lk_bv.bat" "
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 60 (60 эхо-запросов на локальный адрес; в пакетных файлах такой вызов обычно служит паузой)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\F30.tmp\vb.bat" "
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 1