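Техническая информация
Подзаголовки разделов в этой копии не сохранились. По виду записей: строки с sc.exe, regini.exe, cmd.exe и cacls.exe — это командные строки запускаемых процессов; затем идут пути к файлам; в конце — сетевая активность (узел:порт, запрошенные URL, DNS-запросы). По самому списку путей нельзя определить, создаётся файл или удаляется (<DRIVERS>\reg.dll встречается дважды). Символы «#» в именах доменов и в URL — маскировка, поэтому эти значения не годятся как точные индикаторы компрометации.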
- <SYSTEM32>\sc.exe start privtorador
- <SYSTEM32>\regini.exe <DRIVERS>\reg.dll
- <SYSTEM32>\cmd.exe /c <Текущая директория>\<Имя вируса>.bat
- <SYSTEM32>\cmd.exe /c <DRIVERS>\block.bat
- <SYSTEM32>\cacls.exe "%PROGRAM_FILES%\Scpad\scpsssh2.dll" /D Administrador
- <SYSTEM32>\sc.exe create privtorador binpath= "cmd /K start /wait regini <DRIVERS>\reg.dll" type= own type= interact
- <SYSTEM32>\spoolv.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\spoolv[1].jpg
- <Текущая директория>\<Имя вируса>.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gravaInfo[1].asp
- <DRIVERS>\reg.dll
- <DRIVERS>\block.bat
- <SYSTEM32>\svchosts.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\svchosts[1].jpg
- <DRIVERS>\reg.dll
- 'www.tr####contador.net':80
- 'br#####.webcindario.com':80
- 'localhost':1035
- www.tr####contador.net/cont/gravaInfo.asp?na###########
- br#####.webcindario.com/img/spoolv.jpg
- br#####.webcindario.com/img/svchosts.jpg
- DNS ASK www.tr####contador.net
- DNS ASK br#####.webcindario.com