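Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились: ниже подряд перечислены значение реестра, ярлык в автозагрузке, командные строки запускаемых процессов, пути к файлам, сетевые адреса и классы окон. Для путей к файлам по самому списку нельзя определить, создаётся файл или удаляется (часть путей повторяется). «<Имя вируса>» и «<Полный путь к вирусу>» — подстановочные обозначения, а символы «#» в имени хоста и IP-адресе, по-видимому, скрывают часть знаков, поэтому эти значения не годятся для точного сопоставления.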
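- [<HKLM>\SOFTWARE\Classes\uic\Shell\Open\Command] '' = '"Rundll32.exe" "%WINDIR%\windows128\nwinms.inn" readfile'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\honst.lnk
  (Примечание: команда открытия для класса uic запускает Rundll32.exe с файлом nwinms.inn; вместе с ярлыком honst.lnk в автозагрузке и файлом honst.uic из списка ниже это, вероятно, обеспечивает запуск при входе пользователя в систему. Во всех трёх командных строках этого списка rundll32 загружает модули с нестандартными расширениями (.inn, .cha, .mtu) из %WINDIR%\windows128 — устойчивый признак для обнаружения.)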
- %TEMP%\is-A4APV.tmp\<Имя вируса>.tmp /SL5="$40036,1570659,53248,<Полный путь к вирусу>"
- <SYSTEM32>\rundll32.exe "%WINDIR%\windows128\swchar.cha" Restd
- <SYSTEM32>\rundll32.exe "%WINDIR%\windows128\mic32.mtu" Tostring
- %WINDIR%\windows128\honst.uic
- %WINDIR%\windows128\infofile.tmp
- %WINDIR%\windows128\7cen.ico
- %WINDIR%\windows128\Config.ini
- %WINDIR%\windows128\mic32.mtu
- %WINDIR%\windows128\swchar.cha
- %WINDIR%\windows128\taobao.ico
- %WINDIR%\windows128\nwinms.inn
- %WINDIR%\windows128\rd.txt
- %TEMP%\is-JMG4S.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-JMG4S.tmp\InstallDll.dll
- %TEMP%\is-A4APV.tmp\<Имя вируса>.tmp
- %TEMP%\is-JMG4S.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\newname\is-64O8H.tmp
- %PROGRAM_FILES%\newname\unins000.dat
- %WINDIR%\windows128\Install.tmp
- %PROGRAM_FILES%\newname\is-DLB42.tmp
- %PROGRAM_FILES%\newname\is-J84S0.tmp
- %TEMP%\is-JMG4S.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-A4APV.tmp\<Имя вируса>.tmp
- %TEMP%\is-JMG4S.tmp\InstallDll.dll
- %TEMP%\is-JMG4S.tmp\_isetup\_RegDLL.tmp
- 'www.la##uyi.com':82
- 'localhost':1036
- '22#.#3.36.68':8080
- DNS ASK www.la##uyi.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''