Техническая информация
Вредоносные функции:
Создает и запускает на исполнение:
- %TEMP%\Inst_1230.exe /quiet /norestart
Без разрешения пользователя устанавливает новую стартовую страницу для Windows Internet Explorer.
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\BBTemp1\Graphics\back_silver_over.gif
- %TEMP%\BBTemp1\Graphics\back_silver_normal.gif
- %TEMP%\BBTemp1\Graphics\back_silver_pressed.gif
- %TEMP%\BBTemp1\Graphics\cancel_silver_normal.gif
- %TEMP%\BBTemp1\Graphics\back_silver_disabled.gif
- %TEMP%\BBTemp1\Graphics\forward_silver_normal.gif
- %TEMP%\BBTemp1\Graphics\setup_silver.bmp
- %TEMP%\BBTemp1\Graphics\forward_silver_over.gif
- %TEMP%\BBTemp1\Graphics\forward_silver_disabled.gif
- %TEMP%\BBTemp1\Graphics\forward_silver_pressed.gif
- %TEMP%\BBTemp1\Graphics\clear_disabled.bmp
- %TEMP%\BBTemp1\Graphics\popupsallowed.bmp
- %TEMP%\BBTemp1\Graphics\search_disabled.bmp
- %TEMP%\BBTemp1\Graphics\square1logos.gif
- %TEMP%\BBTemp1\Graphics\setup_silver1.bmp
- %TEMP%\BBTemp1\Graphics\cancel_silver_pressed.gif
- %TEMP%\BBTemp1\Graphics\cancel_silver_over.gif
- %TEMP%\BBTemp1\Graphics\cancel_silver_disabled.gif
- %TEMP%\BBTemp1\Graphics\resize__silver_over.bmp
- %TEMP%\BBTemp1\Graphics\resize__silver_normal.bmp
- %TEMP%\BBTemp1\Graphics\org_favorites_disabled.bmp
- %TEMP%\BBTemp1\Graphics\org_favorites_pressed.bmp
- %TEMP%\BBTemp1\Graphics\popup_normal.bmp
- %TEMP%\BBTemp1\Graphics\popup_pressed.bmp
- %TEMP%\BBTemp1\Graphics\popup_over.bmp
- %TEMP%\BBTemp1\Graphics\add_favorites_pressed.bmp
- %TEMP%\BBTemp1\Graphics\add_favorites_over.bmp
- %TEMP%\BBTemp1\Graphics\add_favorites_disabled.bmp
- %TEMP%\BBTemp1\Graphics\org_favorites_over.bmp
- %TEMP%\BBTemp1\Graphics\org_favorites_normal.bmp
- %TEMP%\BBTemp1\Graphics\block_popup_normal.jpg
- %TEMP%\BBTemp1\Graphics\exit_silver_disabled.bmp
- %TEMP%\BBTemp1\Graphics\block_popup_over.bmp
- %TEMP%\BBTemp1\Graphics\block_popup_disabled.bmp
- %TEMP%\BBTemp1\Graphics\block_popup_pressed.bmp
- %TEMP%\BBTemp1\Graphics\popupsblocked1.bmp
- %TEMP%\BBTemp1\Graphics\popup_disabled.bmp
- %TEMP%\BBTemp1\Graphics\exit_silver_normal.bmp
- %TEMP%\BBTemp1\Graphics\exit_silver_pressed.bmp
- %TEMP%\BBTemp1\Graphics\exit_silver_over.bmp
- %TEMP%\BBTemp1\Additional\Images\previous_tab_disabled.gif
- %TEMP%\BBTemp1\Additional\Images\next_tab_pressed.gif
- %TEMP%\BBTemp1\Additional\Images\previous_tab_normal.gif
- %TEMP%\BBTemp1\Additional\Images\previous_tab_pressed.gif
- %TEMP%\BBTemp1\Additional\Images\previous_tab_over.gif
- %TEMP%\BBTemp1\Additional\Images\zw_nn.gif
- %TEMP%\BBTemp1\Additional\Images\s.gif
- %TEMP%\BBTemp1\Additional\Images\bg.gif
- %TEMP%\BBTemp1\Additional\Images\next_tab_over.gif
- %TEMP%\BBTemp1\Additional\Images\next_tab_normal.gif
- %TEMP%\BBTemp1\Additional\Images\delete_tab_over.gif
- %TEMP%\BBTemp1\Additional\Images\delete_tab_normal.gif
- %TEMP%\BBTemp1\Additional\Images\delete_tab_pressed.gif
- %TEMP%\BBTemp1\Additional\Images\square1t.gif
- %TEMP%\BBTemp1\Additional\Images\next_tab_disabled.gif
- %TEMP%\BBTemp1\Additional\Images\add_tab_normal.gif
- %TEMP%\BBTemp1\Additional\Images\add_tab_disabled.gif
- %TEMP%\BBTemp1\Additional\Images\add_tab_over.gif
- %TEMP%\BBTemp1\Additional\Images\delete_tab_disabled.gif
- %TEMP%\BBTemp1\Additional\Images\add_tab_pressed.gif
- %TEMP%\BBTemp1\Additional\Images\zw_no.gif
- %TEMP%\BBTemp1\Additional\Images.x
- %TEMP%\BBTemp1\Additional\Images\zw_ns.gif
- %TEMP%\BBTemp1\Additional\Images\zw_os.gif
- %TEMP%\BBTemp1\Additional\Images\zw_on.gif
- %TEMP%\BBTemp1\Sounds\dig-dig.wav
- %TEMP%\BBTemp1\Graphics\top_logo_small.bmp
- %TEMP%\BBTemp1\Sounds\klick.wav
- %TEMP%\BBTemp1\Additional\error404.html
- %TEMP%\BBTemp1\Additional\tabs.html
- %TEMP%\BBTemp1\Additional\Images\en_o.gif
- %TEMP%\BBTemp1\Additional\Images\en_n.gif
- %TEMP%\BBTemp1\Additional\Images\en_s.gif
- %TEMP%\BBTemp1\Additional\Images\o.gif
- %TEMP%\BBTemp1\Additional\Images\n.gif
- %TEMP%\BBTemp1\Additional\Images\zw_so.gif
- %TEMP%\BBTemp1\Additional\Images\zw_sn.gif
- %TEMP%\BBTemp1\Additional\Images\an_n.gif
- %TEMP%\BBTemp1\Additional\Images\an_s.gif
- %TEMP%\BBTemp1\Additional\Images\an_o.gif
- %TEMP%\BBTemp1\Graphics\security_zone_internet.bmp
- %TEMP%\BBTemp1\Graphics\security_zone_intranet.bmp
- %TEMP%\BBTemp1\Graphics\https_nothing.bmp
- %TEMP%\BBTemp1\Graphics\https_off.bmp
- %TEMP%\BBTemp1\Graphics\https_on.bmp
- %TEMP%\BBTemp1\Graphics\setup_cancel_over.bmp
- %TEMP%\BBTemp1\Graphics\setup_cancel_pressed.bmp
- %TEMP%\BBTemp1\Graphics\setup_cancel_normal.bmp
- %TEMP%\BBTemp1\Graphics\security_zone_trusted.bmp
- %TEMP%\BBTemp1\Graphics\security_zone_restricted.bmp
- %TEMP%\BBTemp1\Graphics\line.bmp
- %TEMP%\BBTemp1\Graphics\search_normal.bmp
- %TEMP%\BBTemp1\Graphics\navigate_disabled.bmp
- %TEMP%\BBTemp1\Graphics\navigate_over.bmp
- %TEMP%\BBTemp1\Graphics\navigate_pressed.bmp
- %TEMP%\BBTemp1\Graphics\clear_over.bmp
- %TEMP%\BBTemp1\Graphics\clear_pressed.bmp
- %TEMP%\BBTemp1\Graphics\clear_normal.bmp
- %TEMP%\BBTemp1\Graphics\search_over.bmp
- %TEMP%\BBTemp1\Graphics\search_pressed.bmp
- %TEMP%\BBTemp1\gfx.x
- %TEMP%\BBTemp1\Setup.ini
- %TEMP%\BBTemp1\snd.x
- %TEMP%\BBTemp1\README.txt
- %TEMP%\BBTemp1\Additional.x
- %TEMP%\BBTemp1\Data.Bob
- %TEMP%\Inst_1230.exe
- %TEMP%\BBTemp1\Square1.EXE
- %TEMP%\BBTemp1\Config.Bob
- %TEMP%\BBTemp1\Uninstall.exe
- %TEMP%\BBTemp1\Graphics\setup_back_pressed.bmp
- %TEMP%\BBTemp1\Graphics\setup_back_disabled.bmp
- %TEMP%\BBTemp1\Graphics\setup_back_over.bmp
- %TEMP%\BBTemp1\Graphics\setup_cancel_disabled.bmp
- %TEMP%\BBTemp1\Graphics\setup_back_normal.bmp
- %TEMP%\BBTemp1\Graphics\setup_next_disabled.bmp
- %TEMP%\BBTemp1\Graphics\advances_browser_background.bmp
- %TEMP%\BBTemp1\Graphics\setup_next_pressed.bmp
- %TEMP%\BBTemp1\Graphics\setup_next_normal.bmp
- %TEMP%\BBTemp1\Graphics\setup_next_over.bmp
- %TEMP%\BBTemp1\Graphics\minimize_restore_normal.bmp
- %TEMP%\BBTemp1\Graphics\minimize_restore_pressed.bmp
- %TEMP%\BBTemp1\Graphics\popupsblocked.bmp
- %TEMP%\BBTemp1\Graphics\minimize_silver_normal.bmp
- %TEMP%\BBTemp1\Graphics\top_logo.bmp
- %TEMP%\BBTemp1\Graphics\backward_disabled.bmp
- %TEMP%\BBTemp1\Graphics\cancel_normal.bmp
- %TEMP%\BBTemp1\Graphics\backward_pressed.bmp
- %TEMP%\BBTemp1\Graphics\backward_normal.bmp
- %TEMP%\BBTemp1\Graphics\backward_over.bmp
- %TEMP%\BBTemp1\Graphics\ButtonOver.BMP
- %TEMP%\BBTemp1\Graphics\Button.BMP
- %TEMP%\BBTemp1\Graphics\ButtonPress.BMP
- %TEMP%\BBTemp1\Graphics\add_favorites_normal.bmp
- %TEMP%\BBTemp1\Graphics\ButtonDis.BMP
- %TEMP%\BBTemp1\Graphics\minimize_silver_pressed.bmp
- %TEMP%\BBTemp1\Graphics\minimize_silver_over.bmp
- %TEMP%\BBTemp1\Graphics\minimize_silver_disabled.bmp
- %TEMP%\BBTemp1\Graphics\maximize_silver_over.bmp
- %TEMP%\BBTemp1\Graphics\maximize_silver_normal.bmp
- %TEMP%\BBTemp1\Graphics\home_pressed.bmp
- %TEMP%\BBTemp1\Graphics\home_disabled.bmp
- %TEMP%\BBTemp1\Graphics\home_over.bmp
- %TEMP%\BBTemp1\Graphics\reload_pressed.bmp
- %TEMP%\BBTemp1\Graphics\home_normal.bmp
- %TEMP%\BBTemp1\Graphics\favorites_disabled.bmp
- %TEMP%\BBTemp1\Graphics\navigate_normal.bmp
- %TEMP%\BBTemp1\Graphics\favorites_pressed.bmp
- %TEMP%\BBTemp1\Graphics\favorites_normal.bmp
- %TEMP%\BBTemp1\Graphics\favorites_over.bmp
- %TEMP%\BBTemp1\Graphics\forward_normal.bmp
- %TEMP%\BBTemp1\Graphics\forward_over.bmp
- %TEMP%\BBTemp1\Graphics\cancel_disabled.bmp
- %TEMP%\BBTemp1\Graphics\cancel_over.bmp
- %TEMP%\BBTemp1\Graphics\cancel_pressed.bmp
- %TEMP%\BBTemp1\Graphics\reload_over.bmp
- %TEMP%\BBTemp1\Graphics\reload_disabled.bmp
- %TEMP%\BBTemp1\Graphics\reload_normal.bmp
- %TEMP%\BBTemp1\Graphics\forward_pressed.bmp
- %TEMP%\BBTemp1\Graphics\forward_disabled.bmp
Удаляет следующие файлы:
- %TEMP%\BBTemp1\Additional.x
- %TEMP%\BBTemp1\Additional\Images.x
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
