Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'antiporn-z' = 'z:\z-hadi-kiamarsi.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'antiporn' = '%TEMP%\hadi-kiamarsi-filtering.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'antiporn-c' = 'c:\c-hadi-kiamarsi.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'antiporn-e' = 'e:\e-hadi-kiamarsi.exe'
- <Имя диска съемного носителя>:\e-hadi-kiamarsi.exe
- Блокирует отображение расширений файлов
- %TEMP%\hadi-kiamarsi-filtering.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\hadi-kiamarsi.txt
- %TEMP%\hadi-kiamarsi-filtering.exe
- C:\c-hadi-kiamarsi.exe
- ClassName: '' WindowName: 'Tiny H-Pot v1.6'
- ClassName: '' WindowName: '<Служебное имя>'
- ClassName: '' WindowName: '<SYSTEM32>\cscript.exe'
- ClassName: '' WindowName: 'Connections Tray'
- ClassName: '' WindowName: 'Program Manager'
- ClassName: '' WindowName: 'MS_WebcheckMonitor'
- ClassName: '' WindowName: 'Power Meter'
- ClassName: '' WindowName: 'Form1'
- ClassName: '' WindowName: 'TF_FloatingLangBar_WndTitle'
- ClassName: '' WindowName: 'CiceroUIWndFrame'
- ClassName: '' WindowName: 'Hadi Kiamarsi'
- <Служебный элемент>
- ClassName: '' WindowName: '<Служебное имя> - build Mar 22 2011'
- ClassName: '' WindowName: '<Имя вируса>'