Техническая информация
- Автозапуск (ключ RunOnce — однократный запуск при следующем входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WINSS' = '"%TEMP%\<Имя вируса>.exe" /cs:0 '
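- <SYSTEM32>\taskkill.exe /F /IM MSASCui* /IM avg* /IM ash* /IM McSA* (принудительное, /F, завершение процессов, имена образов которых, /IM, подходят под указанные маски)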
- avgcc.exe
- AVGCC32.EXE
- AVGCTRL.EXE
- ash.exe
- ashAvast.exe
- ashAvSrv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\uninstall[1]
- %TEMP%\del.bat
- %TEMP%\<Имя вируса>.exe
- %TEMP%\<Имя вируса>.exe
- 'localhost':1041
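- 'www.wi######ecuritysuite.com':80 (символы # здесь и в строках ниже скрывают часть имени домена или строки запроса, поэтому точное сопоставление по этим значениям невозможно)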
- 'sh####caskad.info':80
- 'pr####tunerst.cn':80
- www.wi######ecuritysuite.com/uninstall/?tl#############################
- pr####tunerst.cn/reports/get_install_file.php
- sh####caskad.info/gethash.php
- pr####tunerst.cn/reports/minstalls.php
- DNS ASK www.wi######ecuritysuite.com
- DNS ASK pr####tunerst.cn
- DNS ASK sh####caskad.info
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TMainWindowWSS' WindowName: ''