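Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Судя по виду записей, сначала идут командные строки процессов (исполняемый файл с аргументами), затем пути к файлам во временном каталоге и в каталоге профиля %ALLUSERSPROFILE%, затем пары «класс окна / заголовок окна». Какая операция выполнялась над каждым файлом (создание, изменение атрибутов, удаление), по этому фрагменту определить нельзя; повторяющиеся пути, вероятно, относятся к разным утраченным разделам. Записи в угловых скобках (<SYSTEM32>, <Имя вируса>, <Полный путь к вирусу>) — подстановочные обозначения, а не буквальные значения. Значение '????' в заголовке окна, вероятно, — символы, потерянные при перекодировке.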
- %TEMP%\is-O8TLC.tmp\<Имя вируса>.tmp /SL5="$40036,53248,53248,<Полный путь к вирусу>"
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone4.bat" "
- <SYSTEM32>\net1.exe start dnscache
- <SYSTEM32>\svchost.exe -k NetworkService
- <SYSTEM32>\net1.exe stop dnscache
- <SYSTEM32>\wscript.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.vbs"
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone3.bat" "
- <SYSTEM32>\net.exe stop dnscache
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.vbs
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone3.bat
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone4.bat
- %TEMP%\is-O8TLC.tmp\<Имя вируса>.tmp
- %TEMP%\is-DPK30.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-DPK30.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-DPK30.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-O8TLC.tmp\<Имя вируса>.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.vbs
- %TEMP%\is-DPK30.tmp\_isetup\_RegDLL.tmp
- ClassName: '' WindowName: '????'
- ClassName: 'Shell_TrayWnd' WindowName: ''