Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmona' = '<SYSTEM32>\ctfmona.exe'
- %TEMP%\.tt2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\f37ab7fb-182b-4e66-80ea-89e7044c08bf[1].fail
- %TEMP%\.tt3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\f37ab7fb-182b-4e66-80ea-89e7044c08bf[1].md5
- <SYSTEM32>\rilobed.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\f37ab7fb-182b-4e66-80ea-89e7044c08bf[1].exe
- %TEMP%\.tt1.tmp
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- from <Full path to the virus> to <SYSTEM32>\ctfmona.exe
- '20#.#61.200.42':80
- 20#.#61.200.42/notifier/531/f37ab7fb-182b-4e66-80ea-89e7044c08bf.fail
- 20#.#61.200.42/notifier/531/f37ab7fb-182b-4e66-80ea-89e7044c08bf.md5
- 20#.#61.200.42/notifier/531/f37ab7fb-182b-4e66-80ea-89e7044c08bf.exe
- ClassName: 'SysListView32' WindowName: ''