Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'MSVBSSPLOITDELETESYSTEM32' = '<SYSTEM32>\wincln32.exe <SYSTEM32>\megadel.exe /G <SYSTEM32>\msvbs.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Win32PluginSelfClear' = '<SYSTEM32>\wincln32.exe <SYSTEM32>\megadel.exe /G <Полный путь к вирусу>'
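- [<HKLM>\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000000-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation] 'CODEBASE' = 'http://codecs.microsoft.com/codecs/i386/fhg.CAB' (в отличие от остальных записей, это не ключ автозапуска RunOnce; URL указывает на домен microsoft.com, поэтому сам по себе он не подходит в качестве индикатора для блокировки)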
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Win32updHotSwapOldMsiebnetsErase7357' = '<SYSTEM32>\wincln32.exe <SYSTEM32>\megadel.exe /G <SYSTEM32>\msiebnet.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Win32updHotSwapOldMsiebnetsErase3171' = '<SYSTEM32>\wincln32.exe <SYSTEM32>\megadel.exe /G <SYSTEM32>\msiebnea.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'MSVBSSPLOITDELETEWINDOWSDIR' = '<SYSTEM32>\wincln32.exe <SYSTEM32>\megadel.exe /G %WINDIR%\msvbs.exe'
- Запуск процесса: <SYSTEM32>\regsvr32.exe -s <SYSTEM32>\msiebneb.dll (ключ -s — регистрация библиотеки без вывода диалоговых окон)
- Файл во временном каталоге: %TEMP%\~DF94F.tmp
- Сетевая активность (локальный адрес и порт): 'localhost':1035
- ClassName: '' WindowName: 'Acrobat Reader - Microsoft Internet Explorer'