Техническая информация
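- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{9DI9EAC3-F25C-649D-E021-2030E7FD7EC5}] 'StubPath' = '"<SYSTEM32>\taskchk.exe" NetSpoolPtr' (автозапуск через Active Setup: команда из 'StubPath' выполняется при входе пользователя в систему)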
- <SYSTEM32>\srmss.exe
- %TEMP%\~DF1.tmp _$PID:60 _$EXE:<Полный путь к вирусу> _$CMDLINE:
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\SystemCheck.bat
- <SYSTEM32>\taskchk.sys
- <SYSTEM32>\taskchk.exe
- <SYSTEM32>\ffffz201209242309ca.tmp
- <SYSTEM32>\SystemCheck.bat
- <SYSTEM32>\pacer.dll
- <SYSTEM32>\srmss.exe
- %TEMP%\~DF1.tmp
- <SYSTEM32>\taskchk.bin
- <SYSTEM32>\autop.auc
- <SYSTEM32>\ffffz201209242309ca.tmp
- <SYSTEM32>\srmss.exe
- <SYSTEM32>\autop.auc
- <SYSTEM32>\taskchk.bin
- 'www.ya###dagolf.com':80
- 'www.ad####updates.com':80
- www.ya###dagolf.com/test/yahoo/banner4.php?jp##########
- www.ad####updates.com/cy0427/yahoo/banner4.php?jp##########
- DNS ASK www.ya###dagolf.com
- DNS ASK www.ad####updates.com
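- DNS ASK www.microsoft.com (легитимный домен, вероятно, используется для проверки подключения к сети; сам по себе индикатором заражения не является)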