Техническая информация
Вредоносные функции:
Внедряет код в
следующие системные процессы:
- <SYSTEM32>\winlogon.exe
Изменения в файловой системе:
Создает следующие файлы:
- <SYSTEM32>\XSXCompress.dll
- %WINDIR%\kiefncol.dll
- C:\Documents and Settings\LocalService\Local Settings\Temp\tmp3A.tmp
- <SYSTEM32>\msqjvmp32.dll
- <SYSTEM32>\IGB_DJOL_1019.dll
- %PROGRAM_FILES%\ctfmonl.exe
- <SYSTEM32>\fgqadw.dll
- <DRIVERS>\phy.sys
- %WINDIR%\kfnrthoh.dll
- %WINDIR%\wiasoisao.exe
- <SYSTEM32>\zxarps.exe
- %WINDIR%\system\motou.exe
- <SYSTEM32>\RxpMoN.Exe
- <DRIVERS>\ncscv32.exe
- <DRIVERS>\nvscv32.exe
- %WINDIR%\system\C0NIME.EXE
- <SYSTEM32>\FTCCompress.dll
- %WINDIR%\system\arp.exe
- %WINDIR%\system\smss.exe
- %WINDIR%\system\dd.exe
- <SYSTEM32>\naijihzeuyouhz.dll
- <SYSTEM32>\ijougiemnaw.dll
- <SYSTEM32>\gnaixnauhuoyizqq.dll
- %WINDIR%\Fonts\gjcsdzc.exe
- %WINDIR%\Fonts\rsjzbsp.exe
- <DRIVERS>\usbine.sys
- %WINDIR%\sjswxu.exe
- <SYSTEM32>\oadnew.dll
- <SYSTEM32>\NNDCompress.dll
- <SYSTEM32>\auhad.dll
- <SYSTEM32>\jcinqj.dll
- <SYSTEM32>\bauhgnem.dll
- <SYSTEM32>\gnolnait.dll
- <SYSTEM32>\ogykcx.dll
- <SYSTEM32>\NBNCompress.dll
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\Sy_Win7k.Jmp
- <SYSTEM32>\wxptdi.sys
- <SYSTEM32>\usrinit.exe
- <SYSTEM32>\caugfe.dll
- %WINDIR%\Fonts\raqjntl.exe
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\System64.Sys
- <DRIVERS>\usbinte.sys
- <SYSTEM32>\Ravasktao.dll
- <SYSTEM32>\ztinetzt.dll
- <SYSTEM32>\Ravasktao.exe
- <SYSTEM32>\upnpsvc.exe
- <SYSTEM32>\UPnPSvc.dll
- <SYSTEM32>\moyu103.dll
- <SYSTEM32>\visin.exe
- <SYSTEM32>\mydata.exe
- <SYSTEM32>\ShellDown.dll
- <SYSTEM32>\ShellDown.exe
- <SYSTEM32>\dlyy.dll
- %WINDIR%\Help\2HJSBC19.exe
- %PROGRAM_FILES%\Internet Explorer\ie2.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\NewTemp.dll
- <SYSTEM32>\ztinetzt.exe
- <SYSTEM32>\love.exe
- %WINDIR%\Help\B7C8A6484EE3.dll
- %WINDIR%\Help\B7C8A6484EE3.exe
- <SYSTEM32>\df91.dll
- <SYSTEM32>\f91b.exe
- <SYSTEM32>\ctfnom.exe
- <SYSTEM32>\91b6.dll
- <SYSTEM32>\AE9C6AE4.EXE
- <SYSTEM32>\ae781.exe
- <SYSTEM32>\rundllforour.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.sys
- %WINDIR%\upxdnd.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.dll
- %WINDIR%\e4603.cfg
- %WINDIR%\IMEINPUTS.EXE
- %WINDIR%\603fa.jpg
- %WINDIR%\0e460.dat
- %WINDIR%\4603f.avi
- <SYSTEM32>\5E9F0D5.DLL
- <SYSTEM32>\7df9.dll
- <SYSTEM32>\1-716696
- %WINDIR%\msccrt.exe
- %WINDIR%\preupd.dll
- %WINDIR%\frhhusyk.exe
- C:\Kuwoi.exe
- <SYSTEM32>\TL.exe
- %WINDIR%\547661M.exe
- <SYSTEM32>\lenschk.exe
- <SYSTEM32>\verclsid.exe
- <SYSTEM32>\10.ext
- <SYSTEM32>\msbq.exe
- <SYSTEM32>\1ng5.exe
- C:\KMPlayir.exe
- %WINDIR%\windows.ext
- %PROGRAM_FILES%\Messenger\msgmr.dll
- %WINDIR%\Downloaded Program Files\ThunderAdvise.dll
- %WINDIR%\Update.dll
- <SYSTEM32>\qxfelk.exe
- %WINDIR%\sysocmgr.dll
- <SYSTEM32>\kvtrwkcc.exe
- <SYSTEM32>\System.exe
- <SYSTEM32>\pksetexd.exe
- %WINDIR%\AppPatch\DesktopWin.dll
- <DRIVERS>\suchost.exe
- %WINDIR%\ime\IMJPMIG6.exe
- %WINDIR%\53M.exe
- <SYSTEM32>\a1.exe
- %WINDIR%\71M.exe
- <SYSTEM32>\szace.exe
- <SYSTEM32>\ac97ldr.dll
- <SYSTEM32>\gwchk32.dll
- <SYSTEM32>\idzam.exe
- %WINDIR%\950312_1945888001x.exe
- <SYSTEM32>\C0NIMEO.exe
- C:\donesc.exe
- <SYSTEM32>\xsiscok.exe
- C:\XoreitD.exe
- %PROGRAM_FILES%\IEHome.exe
- C:\Gurnonb.exe
- <SYSTEM32>\takzs.exe
- %WINDIR%\faly.exe
- %WINDIR%\Temp\safesys(1).exe
- <SYSTEM32>\kandofttk.exe
- %WINDIR%\Temp\safesys.exe
- <SYSTEM32>\iemnaw.dll
- %PROGRAM_FILES%\Internet Explorer\OnlO0r.bak
- <SYSTEM32>\vzbcgt.dll
- %WINDIR%\Fonts\avzxost.exe
- <SYSTEM32>\xwwees.dll
- <SYSTEM32>\qqdoor0.dll
- <SYSTEM32>\qzdoor0.dll
- %CommonProgramFiles%\fjOs0r.dll
- %PROGRAM_FILES%\Internet Explorer\OnlO0r.dll
- %PROGRAM_FILES%\Internet Explorer\OnlO0r.obk
- <SYSTEM32>\nuygnef.dll
- <SYSTEM32>\niluw.dll
- <SYSTEM32>\kawdiaz.exe
- <SYSTEM32>\mstfhncn32.dll
- <SYSTEM32>\dpuxlp.dll
- %WINDIR%\Fonts\gjtmbzc.exe
- %WINDIR%\Fonts\rarjftl.exe
- %WINDIR%\Fonts\jsqxczc.exe
- <SYSTEM32>\a.exe
- C:\Documents and Settings\LocalService\Local Settings\Temp\tmp33.tmp
- <SYSTEM32>\83680.exe
- %WINDIR%\ruzi.exe
- %WINDIR%\eylpw.exe
- <SYSTEM32>\qsdoor1.dll
- <SYSTEM32>\fhdoor1.dll
- %WINDIR%\dpgqh.exe
- <SYSTEM32>\rxux15.exe
- <SYSTEM32>\lqcr25.exe
- <SYSTEM32>\HBmhly.exe
- <SYSTEM32>\eput1.exe
- C:\ntdelect.com
- <SYSTEM32>\kavo.exe
- <SYSTEM32>\fhdoor0.dll
- <SYSTEM32>\cmdow.exe
- <SYSTEM32>\qsdoor0.dll
- <SYSTEM32>\qqdoor1.dll
- <SYSTEM32>\qzdoor1.dll
- %WINDIR%\poor.exe
- <SYSTEM32>\fly.exe
- %WINDIR%\fly.exe
- %WINDIR%\Help\2HJSBC19.dll
- %WINDIR%\wsvs.exe
- <SYSTEM32>\hotpmsta.exe
- %WINDIR%\cmdbcs.exe
- %WINDIR%\wsttrs.exe
- %WINDIR%\mppds.exe
- <SYSTEM32>\kerner0826.dll
- <SYSTEM32>\kerner0826IE.dll
- <SYSTEM32>\kerne10916.dll
- <SYSTEM32>\hotpmsta.dat
- <SYSTEM32>\kerne10904.dll
- %WINDIR%\system\icedate.dat
- <SYSTEM32>\ProcSpy.dll
- %WINDIR%\system\WPC.DLL
- %WINDIR%\system\internat.exe
- %WINDIR%\system\SYSTEM32.vxd
- <SYSTEM32>\wsttrs.dll
- <SYSTEM32>\Gjzos.dll
- <SYSTEM32>\wsvs.dll
- <SYSTEM32>\cmdbcs.dll
- <SYSTEM32>\mppds.dll
- %WINDIR%\java\classes\66A75.dll
- C:\NTDETEC.exe
- %WINDIR%\java\classes\66A75.exe
- %WINDIR%\Debug\UserMode\32BB5B6.exe
- %WINDIR%\~tmp6266.exe
- %WINDIR%\Debug\UserMode\3CA549D.dll
- %WINDIR%\Debug\UserMode\3CA549D.exe
- %WINDIR%\Debug\UserMode\8C00D.exe
- %WINDIR%\~tmp3464.exe
- %WINDIR%\Debug\UserMode\8C00D.dll
- %WINDIR%\KSVSvc.exe
- <SYSTEM32>\nslookupi.exe
- %WINDIR%\Installer\service.exe
- <SYSTEM32>\systemm.exe
- <SYSTEM32>\systemt.exe
- %WINDIR%\Hacker.com.cn.exe
- %WINDIR%\Debug\UserMode\32BB5B6.dll
- %WINDIR%\Help\69GH0BNS.exe
- %WINDIR%\rising721.exe
- %WINDIR%\Help\69GH0BNS.dll
- <DRIVERS>\spoclsv.exe
- <DRIVERS>\spo0lsv.exe
- %WINDIR%\nvscv32.exe
- %WINDIR%\iexp1ore.exe
- %WINDIR%\winlog0n.exe
- %WINDIR%\kerner0826.exe
- %WINDIR%\kerner10916.exe
- %WINDIR%\mhsystem.exe
- <SYSTEM32>\FuckJacks.exe
- <SYSTEM32>\SVCH0ST.exe
- %WINDIR%\logo_1.exe
- %WINDIR%\KILL.EXE
- %WINDIR%\logo_.exe
- %WINDIR%\logo1_.exe
- %WINDIR%\rundl132.exe
- %WINDIR%\avp.exe
- %WINDIR%\alga.exe
- %WINDIR%\rundll32.exe
- %WINDIR%\rose.exe
- %WINDIR%\sxs.exe
- %WINDIR%\system\taskmgr.exe.tmp
- %WINDIR%\system\IceHBO.dll
- %WINDIR%\system\cmd.dll
- <SYSTEM32>\1.exe
- %WINDIR%\system\logo_1.exe
- %WINDIR%\system\svchost.exe
- %WINDIR%\system\internat.exe.tmp
- %WINDIR%\system\C.dll
- %WINDIR%\system\taskmgr.exe
- %WINDIR%\system\7.exe
- C:\zhanlang.exe
- C:\zhanlang.vbs
- %WINDIR%\uninstall\rundl132.exe
- %WINDIR%\logo1.exe
- %WINDIR%\logo.exe
- <SYSTEM32>\msccrt.dll
- %WINDIR%\system\1.exe
- <SYSTEM32>\lesosn.exe
- <SYSTEM32>\copymsi.exe
- <SYSTEM32>\win1ogoin.exe
- %WINDIR%\Help\019JDNCT.dll
- <SYSTEM32>\nwizAsktao.exe
- <SYSTEM32>\nwizqjsj.dll
- <SYSTEM32>\nwizAsktao.dll
- <SYSTEM32>\nwizwmsjs.exe
- <SYSTEM32>\cmdbcs.exe
- <SYSTEM32>\nwiztlbb.exe
- <SYSTEM32>\upxdnd.dll
- <SYSTEM32>\nwiztlbb.dll
- <SYSTEM32>\nwizqjsj.exe
- <SYSTEM32>\mppds.exe
- <SYSTEM32>\sws32.dll
- <SYSTEM32>\dtstorp.exe
- <SYSTEM32>\kill.exe
- <SYSTEM32>\rundl132.exe
- <SYSTEM32>\bootconf.exe
- <SYSTEM32>\mh102.exe
- <SYSTEM32>\nwizwmsjs.dll
- <SYSTEM32>\mh102.dll
- <SYSTEM32>\ouvjwsc.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\SysWFGQQ2.dll
- %WINDIR%\Web\printers\images\35B88B196.dll
- %WINDIR%\Web\printers\images\35B88B196.exe
- %PROGRAM_FILES%\Internet Explorer\romdrivers.bkk
- %WINDIR%\Installer\services.exee
- %PROGRAM_FILES%\Internet Explorer\romdrivers.dll
- %CommonProgramFiles%\win.exe
- %WINDIR%\~tmp4522.exe
- C:\pageflieshz.exe
- %WINDIR%\Web\printers\images\fsfwqads.dll
- %WINDIR%\Web\printers\images\fsfwqads.exe
- <SYSTEM32>\nwizmhxy.exe
- <SYSTEM32>\csvchost.exe
- <SYSTEM32>\qjsj100.dll
- <SYSTEM32>\upxdnd.exe
- <SYSTEM32>\nwizmhxy.dll
- %WINDIR%\CMD.DLL
- %WINDIR%\TASKMSN.exe
- %WINDIR%\system\wdfngr.exe
- <SYSTEM32>\cspoolsv.exe
- <SYSTEM32>\clsass.exe
- %WINDIR%\rising413.exe
- %WINDIR%\rising613.exe
- %WINDIR%\winlogone.exe
- %WINDIR%\Debug\UserMode\8508D.exe
- %WINDIR%\rising659.exe
- <SYSTEM32>\6to4svcr.exe
- <SYSTEM32>\77089387.dat
- <SYSTEM32>\rsvp32_2.dll
- %WINDIR%\winvar.dll
- <SYSTEM32>\tf2sound.dll
- %WINDIR%\Help\AA304E150D0C.dll
- %WINDIR%\Help\AA304E150D0C.exe
- %WINDIR%\Help\90GTUABC.exe
- %WINDIR%\Help\019JDNCT.exe
- %WINDIR%\Help\90GTUABC.dll
- %WINDIR%\Debug\UserMode\3083516.exe
- %WINDIR%\Debug\UserMode\8508D.dll
- %WINDIR%\Debug\UserMode\3083516.dll
- %WINDIR%\Web\printers\images\59594F8550.dll
- %WINDIR%\Web\printers\images\59594F8550.exe
- %WINDIR%\vdll.dll
- %WINDIR%\sws32.dll
- %WINDIR%\smss.exe
- %WINDIR%\finders.com
- %WINDIR%\Shell.sys
- %WINDIR%\dll.dll
- <SYSTEM32>\Logo1_.exe
- %WINDIR%\bootconf.exe
- <SYSTEM32>\wydll.dll
- <SYSTEM32>\ShellExt\svchs0t.exe
- <SYSTEM32>\od7media.dll
- <SYSTEM32>\od2media.dll
- <SYSTEM32>\sporder.dll
- <SYSTEM32>\ipv6monl.dll
- <SYSTEM32>\msvcrl.dll
- %WINDIR%\exerouter.exe
- %WINDIR%\EXP10RER.com
- %WINDIR%\1.com
- <SYSTEM32>\winsp2.exe
- C:\Shell.exe
Другое:
Ищет следующие окна:
- ClassName: 'MS_WINHELP' WindowName: ''
