Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Daily' = '%PROGRAM_FILES%\Colorwo\Daily.exe'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CFB84BBD-959B-4fcb-9A03-22ACE091043C}] 'Exec' = '%PROGRAM_FILES%\Riptide\Monitor.exe'
- %PROGRAM_FILES%\Riptide\Update.exe monitor_daily_v1.0 <Полный путь к вирусу>
- firefox.exe
- %PROGRAM_FILES%\Colorwo\Daily.exe
- %PROGRAM_FILES%\Colorwo\Daily.dll
- %PROGRAM_FILES%\Riptide\Plugin\Monitor.htm
- %PROGRAM_FILES%\Riptide\Plugin\Plugin.dll
- %PROGRAM_FILES%\Riptide\uninst.exe
- %TEMP%\Riptide\Version.dat
- %PROGRAM_FILES%\Colorwo\uninst.exe
- %TEMP%\nsd3.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\Riptide\Monitor.dll
- %PROGRAM_FILES%\Riptide\Monitor.ico
- %TEMP%\nsu2.tmp
- %PROGRAM_FILES%\Riptide\Monitor.exe
- %PROGRAM_FILES%\Riptide\Version.dat
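- %PROGRAM_FILES%\Riptide\К№УГЦёДП.txt (имя файла, по-видимому, записано в кодировке GBK — «使用指南.txt»; здесь те же байты отображены как Windows-1251, поэтому при поиске по диску имя может выглядеть иначе в зависимости от кодовой страницы системы)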
- %PROGRAM_FILES%\Riptide\Update.exe
- %PROGRAM_FILES%\Riptide\Server.dat
- %TEMP%\Riptide\Version.dat
- %TEMP%\nsd3.tmp\KillProcDLL.dll
- 'www.co##rwo.cn':80
- 'localhost':1037
- www.co##rwo.cn/update/riptide/v1.0/Version.dat
- www.co##rwo.cn/service/install_report.php
- DNS ASK www.co##rwo.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''