Техническая информация
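- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '%WINDIR%\svchost.com "%1" %*' (подменён обработчик открытия exe-файлов: запуск любого .exe проходит через %WINDIR%\svchost.com; штатное значение параметра — '"%1" %*', при лечении его нужно восстановить, иначе после удаления svchost.com exe-файлы перестанут запускаться)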
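- %WINDIR%\svchost.com "<SYSTEM32>\cmd.exe" /c del "<Полный путь к вирусу>" >> NUL (самоудаление: исходный файл стирается командой del через cmd.exe, который сам запускается через svchost.com)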
- %TEMP%\3582-490\PizDonat13.exe
- %TEMP%\PizDonat13.exe
- %WINDIR%\directx.sys
- %TEMP%\tmp823f0bf.dll
- %TEMP%\tmp5023.tmp
- %TEMP%\PizDonat13.exe
- %TEMP%\3582-490\PizDonat13.exe
- %WINDIR%\svchost.com
- %WINDIR%\svchost.com
- 'gf####0vdc.aiq.ru':21 (порт 21 — стандартный порт FTP; фактический протокол в описании не указан)
- DNS ASK gf####0vdc.aiq.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'msctls_updown32' WindowName: ''