Техническая информация
- <SYSTEM32>\spoolsv.exe
- %TEMP%\WERdbfd.dir00\spoolsv.exe.mdmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OZETEOBV\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GTEZG923\desktop.ini
- %TEMP%\WERdbfd.dir00\manifest.txt
- %TEMP%\WERdbfd.dir00\appcompat.txt
- %TEMP%\WERdbfd.dir00\spoolsv.exe.hdmp
- C:\spoolerlogs\spooler.xml
- %WINDIR%\Temp\2.tmp
- %TEMP%\1.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KW7RUHMM\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4V2FABO7\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GTEZG923\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OZETEOBV\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4V2FABO7\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KW7RUHMM\desktop.ini
- %TEMP%\1.tmp
- из <Полный путь к вирусу> в %TEMP%\3.tmp
- '85.##.237.229':80
- 85.##.237.229/a5c3190fd8/?h=################################################################################################################################################