Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\2c2b02e9] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\5080376f] 'Start' = '00000002'
- <SYSTEM32>\midimap.dll заменяется файлом <SYSTEM32>\midimap.dll
- <SYSTEM32>\wshtcpip.dll заменяется файлом <SYSTEM32>\wshtcpip.dll
- '%TEMP%\31619.exe'
- '%TEMP%\30fef.tmp'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\Coor.bat
- '<SYSTEM32>\regsvr32.exe' /s /c <SYSTEM32>\kakutk.dll
- %TEMP%\3ftdGyti.dll
- %TEMP%\iyBDsS8Dy.dll
- %TEMP%\B1.zip
- %TEMP%\C1.zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\post[1].asp
- %TEMP%\Coor.bat
- <SYSTEM32>\monntkws.dll
- <DRIVERS>\2c2b02e9.sys
- %TEMP%\A1.zip
- %TEMP%\31619.exe
- %TEMP%\nsx2.tmp\ioSpecial.ini
- %TEMP%\30fef.tmp
- <Полный путь к вирусу>
- <DRIVERS>\5080376f.sys
- <SYSTEM32>\kakutk.dll
- %TEMP%\nsx2.tmp\modern-wizard.bmp
- %TEMP%\nsx2.tmp\InstallOptions.dll
- %TEMP%\31619.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\post[1].asp
- <DRIVERS>\2c2b02e9.sys
- из <SYSTEM32>\midimap.dll в %TEMP%\uuhh
- из <SYSTEM32>\wshtcpip.dll в <SYSTEM32>\eUbu7weye
- '19#.#05.210.189':80
- 19#.#05.210.189/kaixin/post.asp?ma#############################################################################################################################
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''