Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\<Имя вируса>.exe
- %APPDATA%\879127.exe
- <SYSTEM32>\regsvr32.exe /u /s "%APPDATA%\IE\bho.dll"
- <SYSTEM32>\regsvr32.exe /s "%APPDATA%\IE\bho.dll"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\xvmt0dth.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\IE\bho.dll
- %TEMP%\vbc1.tmp
- %APPDATA%\firefox@mozilla.com\content\settings.js
- %APPDATA%\879127.exe
- %TEMP%\RES2.tmp
- %APPDATA%\IE\settings.dat
- %APPDATA%\firefox@mozilla.com\content\overlay.xul
- %TEMP%\xvmt0dth.out
- %TEMP%\xvmt0dth.cmdline
- %TEMP%\xvmt0dth.0.vb
- %APPDATA%\firefox@mozilla.com\content\overlay.js
- %APPDATA%\firefox@mozilla.com\install.rdf
- %APPDATA%\firefox@mozilla.com\chrome.manifest
- %TEMP%\xvmt0dth.cmdline
- %TEMP%\xvmt0dth.0.vb
- %TEMP%\xvmt0dth.out
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- 'ks#####4.kimsufi.com':80
- ks#####4.kimsufi.com/tools/parser.php?us##########################################
- ks#####4.kimsufi.com/tools/parser.php?us####################################################################################################
- DNS ASK ks#####4.kimsufi.com