Техническая информация
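- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wupdate' = '' (ключ автозапуска текущего пользователя: программа, указанная в параметре 'wupdate', запускается при каждом входе в систему; значение параметра в отчёте пустое)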
- %TEMP%\nSClearText.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <SYSTEM32>\wscript.exe "%TEMP%\MTemp104.vbs"
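- <SYSTEM32>\schtasks.exe /Create /SC MINUTE /MO 10 /RU "NT Authority\System" /TR %APPDATA%\<Имя вируса>.exe /TN WindowsConfig (создаёт задание планировщика 'WindowsConfig', которое каждые 10 минут запускает файл из %APPDATA% от имени учётной записи SYSTEM; наличие такого задания — признак заражения)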
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %TEMP%\dw.log
- %TEMP%\27C1B.dmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %APPDATA%\wupdate.zgy
- %TEMP%\MTemp104.vbs
- %TEMP%\nSClearText.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %TEMP%\MTemp104.vbs
- 'gt##io.tk':80 (сетевое соединение по порту 80; часть имени домена в отчёте скрыта символами ##)
- gt##io.tk/Panel/Panel/bot.php
- DNS ASK gt##io.tk
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''