Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsRemote] 'Start' = '00000002' (значение 2 — автоматический запуск службы WindowsRemote при загрузке системы)
- <SYSTEM32>\setup.exe
- Заменяет <SYSTEM32>\dllcache\setup.exe файлом <SYSTEM32>\dllcache\setup.exe.new
- Заменяет <SYSTEM32>\setup.exe файлом <SYSTEM32>\setup.exe.new
- %TEMP%\SETUP.EXE
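(Строки с net.exe и net1.exe ниже — команды остановки защитных служб Windows: брандмауэра, восстановления системы и центра обеспечения безопасности.)
- <SYSTEM32>\net1.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"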
- <SYSTEM32>\net1.exe stop System Restore Service
- <SYSTEM32>\setup.exe
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\net.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\net.exe stop System Restore Service
- %WINDIR%\Explorer.EXE
- 360tray.exe
- %TEMP%\SETUP.EXE
- <SYSTEM32>\setup.exe.tmp
- %TEMP%\SETUP.EXE
- <SYSTEM32>\dllcache\setup.exe.new в <SYSTEM32>\dllcache\setup.exe
- <SYSTEM32>\setup.exe в <SYSTEM32>\setup.exe.tmp
- из <Полный путь к вирусу> в C:\NTDUBECT.EXE
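- 'vv###.3322.org':51 (символы ### в имени узла, по-видимому, скрыты в исходном описании; 3322.org — служба динамического DNS, поэтому IP-адрес узла может меняться)
- DNS-запрос (DNS ASK): vv###.3322.org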