Техническая информация
- Для автозапуска изменяет параметр реестра (к штатному userinit.exe дописан prints.exe): [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\prints.exe,'
- %TEMP%\Del3.tmp 232 "<Полный путь к вирусу>"
- %TEMP%\w7e2.tmp
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\0214289rcs.jpg
- %WINDIR%\Explorer.EXE
- <Текущая директория>\0214289rcs.jpg
- <SYSTEM32>\prints.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CRNJEUFU-680f[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CRNJEUFU-680f[1]
- <SYSTEM32>\packet64.dll
- %TEMP%\w7e2.tmp
- %TEMP%\w7e1.tmp
- %TEMP%\Del3.tmp
- %TEMP%\0214289rcs.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CRNJEUFU-680f[1]
- %TEMP%\w7e2.tmp
- '11#.#0.221.126':80
- '11#.#0.221.126':8080
- 'an##.#kypetm.com.tw':80
- 'an##.#kypetm.com.tw':8080
- 11#.#0.221.126/FC001/CRNJEUFU-680f
- an##.#kypetm.com.tw/FC001/CRNJEUFU-680f
- DNS ASK ze##.#kypetm.com.tw
- DNS ASK an##.#kypetm.com.tw
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''