Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\nsssvc] 'Start' = '00000002'
- %PROGRAM_FILES%\W3CS\nsssvc.exe "-s"
- <LS_APPDATA>\ApplicationHistory\<Имя вируса>.exe.bf81a5f0.ini
- C:\Documents and Settings\LocalService\Local Settings\Application Data\W3C Corporation\nsssvc.dat
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new
- %PROGRAM_FILES%\W3CS\nsssvc.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2492.142156
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2492.142125
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2492.142156
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2492.142125
- 'ad##per.com':80
- DNS ASK ad##per.com