Техническая информация
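- %WINDIR%\Tasks\JOBHOUR.job (файл задания планировщика, соответствующий заданию JOBHOUR из команды schtasks ниже)
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы планировщика заданий)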
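- <SYSTEM32>\schtasks.exe /Delete /TN * /F (удаляет все существующие запланированные задания без запроса подтверждения)
- <SYSTEM32>\schtasks.exe /Create /SC HOURLY /MO 2 /RU SYSTEM /TN JOBHOUR /TR "\"%PROGRAM_FILES%\Internet Explorer\drxtjh\\conime.exe\"" (создаёт задание JOBHOUR, которое каждые 2 часа запускает conime.exe от имени учётной записи SYSTEM)
- <SYSTEM32>\sc.exe config Schedule start= auto (переводит службу планировщика заданий в режим автозапуска)
- <SYSTEM32>\sc.exe start Schedule (запускает службу планировщика заданий)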
- %WINDIR%\inf\ver.inf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\uucmovie[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\929[1]
- %WINDIR%\inf\exepath.inf
- <SYSTEM32>\down.dll
- %TEMP%\~DFF82F.tmp
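- из <Полный путь к вирусу> в %PROGRAM_FILES%\Internet Explorer\drxtjh\conime.exe (имя файла совпадает с именем штатного компонента Windows conime.exe, который обычно находится в <SYSTEM32>; запуск conime.exe из другого каталога — признак для обнаружения)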
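- 'www.72##m.cn':80 (символы # в именах узлов и в адресах ниже, по-видимому, скрывают часть значения в исходном отчёте)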
- 'www.91##j.cn':80
- 'localhost':1036 (соединение с локальным узлом, а не с внешним сервером)
- 'www.uu##ovie.cn':80
- www.uu##ovie.cn/detail/929/
- www.91##j.cn/getinfo.aspx?Ui######################
- www.72##m.cn/other/endown.txt
- www.uu##ovie.cn/
- www.72##m.cn/other/ver.txt
- DNS ASK www.91##j.cn
- DNS ASK www.uu##ovie.cn
- DNS ASK www.72##m.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''