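Техническая информация
Подзаголовки разделов в этом списке, по-видимому, утрачены. По содержанию строк ниже идут: записи в ключе автозапуска Run, пути к файлам, сетевые адреса с портами, URL, DNS-запрос и классы окон. Символы «#» в адресах и URL, судя по всему, маскируют часть значения, поэтому такие строки подходят только для приблизительного сопоставления, а не как точные индикаторы.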
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%PROGRAM_FILES%\Microsoft ActiveSyncs\svchostSever.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>' = '<Текущая директория>\<Имя вируса>Sever.exe'
- %PROGRAM_FILES%\Microsoft ActiveSyncs\svchost.exe
- <Полный путь к вирусу>
- %PROGRAM_FILES%\Microsoft ActiveSyncs\svchost.exe
- <SYSTEM32>\zlib.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MSWINSCK[1].OCX
- <SYSTEM32>\MSWINSCK.OCX
- %PROGRAM_FILES%\Microsoft ActiveSyncs\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zlib[1].dll
- 'bl##.naver.com':80
- '1.###.146.153':2012
- '19#.#1.154.126':80
- 'localhost':1036
- '20#.#96.123.190':80
- bl##.naver.com/PostView.nhn?bl############################################################################################################################################################################################
- 19#.#1.154.126/7741u4davk7g/7rcgzs3i71bxqif/MSWINSCK.OCX
- 20#.#96.123.190/d0lbmq5euqwg/hs8bt1rhi98ox97/zlib.dll
- DNS ASK bl##.naver.com
- ClassName: 'TCPViewClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''