Win32.HLLW.Autoruner1.44951

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{H1I22RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}] 'stubpath' = ''

Создает следующие файлы на съемном носителе:

<Имя диска съемного носителя>:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\shit
<Имя диска съемного носителя>:\AUTORUN.INF

Вредоносные функции:

Создает и запускает на исполнение:

'%WINDIR%\Fuckme\connects.exe' 10.0.0.170
'%WINDIR%\Fuckme\connects.exe' 10.0.0.169
'%WINDIR%\Fuckme\connects.exe' 10.0.0.168
'%WINDIR%\Fuckme\connects.exe' 10.0.0.171
'%WINDIR%\Fuckme\connects.exe' 10.0.0.174
'%WINDIR%\Fuckme\connects.exe' 10.0.0.173
'%WINDIR%\Fuckme\connects.exe' 10.0.0.172
'%WINDIR%\Fuckme\connects.exe' 10.0.0.167
'%WINDIR%\Fuckme\connects.exe' 10.0.0.162
'%WINDIR%\Fuckme\connects.exe' 10.0.0.161
'%WINDIR%\Fuckme\connects.exe' 10.0.0.160
'%WINDIR%\Fuckme\connects.exe' 10.0.0.163
'%WINDIR%\Fuckme\connects.exe' 10.0.0.166
'%WINDIR%\Fuckme\connects.exe' 10.0.0.165
'%WINDIR%\Fuckme\connects.exe' 10.0.0.164
'%WINDIR%\Fuckme\connects.exe' 10.0.0.175
'%WINDIR%\Fuckme\connects.exe' 10.0.0.186
'%WINDIR%\Fuckme\connects.exe' 10.0.0.185
'%WINDIR%\Fuckme\connects.exe' 10.0.0.184
'%WINDIR%\Fuckme\connects.exe' 10.0.0.187
'%WINDIR%\Fuckme\connects.exe' /pid=3144
'%WINDIR%\Fuckme\connects.exe' 10.0.0.189
'%WINDIR%\Fuckme\connects.exe' 10.0.0.188
'%WINDIR%\Fuckme\connects.exe' 10.0.0.183
'%WINDIR%\Fuckme\connects.exe' 10.0.0.178
'%WINDIR%\Fuckme\connects.exe' 10.0.0.177
'%WINDIR%\Fuckme\connects.exe' 10.0.0.176
'%WINDIR%\Fuckme\connects.exe' 10.0.0.179
'%WINDIR%\Fuckme\connects.exe' 10.0.0.182
'%WINDIR%\Fuckme\connects.exe' 10.0.0.181
'%WINDIR%\Fuckme\connects.exe' 10.0.0.180
'%WINDIR%\Fuckme\connects.exe' 10.0.0.159
'%WINDIR%\Fuckme\connects.exe' 10.0.0.138
'%WINDIR%\Fuckme\connects.exe' 10.0.0.137
'%WINDIR%\Fuckme\connects.exe' 10.0.0.136
'%WINDIR%\Fuckme\connects.exe' 10.0.0.139
'%WINDIR%\Fuckme\connects.exe' 10.0.0.142
'%WINDIR%\Fuckme\connects.exe' 10.0.0.141
'%WINDIR%\Fuckme\connects.exe' 10.0.0.140
'%WINDIR%\Fuckme\connects.exe' 10.0.0.135
'%WINDIR%\Fuckme\connects.exe' 10.0.0.130
'%WINDIR%\Fuckme\connects.exe' 10.0.0.129
'%WINDIR%\Fuckme\connects.exe' 10.0.0.128
'%WINDIR%\Fuckme\connects.exe' 10.0.0.131
'%WINDIR%\Fuckme\connects.exe' 10.0.0.134
'%WINDIR%\Fuckme\connects.exe' 10.0.0.133
'%WINDIR%\Fuckme\connects.exe' 10.0.0.132
'%WINDIR%\Fuckme\connects.exe' 10.0.0.143
'%WINDIR%\Fuckme\connects.exe' 10.0.0.154
'%WINDIR%\Fuckme\connects.exe' 10.0.0.153
'%WINDIR%\Fuckme\connects.exe' 10.0.0.152
'%WINDIR%\Fuckme\connects.exe' 10.0.0.155
'%WINDIR%\Fuckme\connects.exe' 10.0.0.158
'%WINDIR%\Fuckme\connects.exe' 10.0.0.157
'%WINDIR%\Fuckme\connects.exe' 10.0.0.156
'%WINDIR%\Fuckme\connects.exe' 10.0.0.151
'%WINDIR%\Fuckme\connects.exe' 10.0.0.146
'%WINDIR%\Fuckme\connects.exe' 10.0.0.145
'%WINDIR%\Fuckme\connects.exe' 10.0.0.144
'%WINDIR%\Fuckme\connects.exe' 10.0.0.147
'%WINDIR%\Fuckme\connects.exe' 10.0.0.150
'%WINDIR%\Fuckme\connects.exe' 10.0.0.149
'%WINDIR%\Fuckme\connects.exe' 10.0.0.148
'%WINDIR%\Fuckme\connects.exe' 10.0.0.190
'%WINDIR%\Fuckme\connects.exe' 10.0.0.233
'%WINDIR%\Fuckme\connects.exe' 10.0.0.232
'%WINDIR%\Fuckme\connects.exe' 10.0.0.231
'%WINDIR%\Fuckme\connects.exe' 10.0.0.234
'%WINDIR%\Fuckme\connects.exe' 10.0.0.237
'%WINDIR%\Fuckme\connects.exe' 10.0.0.236
'%WINDIR%\Fuckme\connects.exe' 10.0.0.235
'%WINDIR%\Fuckme\connects.exe' 10.0.0.230
'%WINDIR%\Fuckme\connects.exe' 10.0.0.225
'%WINDIR%\Fuckme\connects.exe' 10.0.0.224
'%WINDIR%\Fuckme\connects.exe' 10.0.0.223
'%WINDIR%\Fuckme\connects.exe' 10.0.0.226
'%WINDIR%\Fuckme\connects.exe' 10.0.0.229
'%WINDIR%\Fuckme\connects.exe' 10.0.0.228
'%WINDIR%\Fuckme\connects.exe' 10.0.0.227
'%WINDIR%\Fuckme\connects.exe' 10.0.0.238
'%WINDIR%\Fuckme\connects.exe' 10.0.0.249
'%WINDIR%\Fuckme\connects.exe' 10.0.0.248
'%WINDIR%\Fuckme\connects.exe' 10.0.0.247
'%WINDIR%\Fuckme\connects.exe' 10.0.0.250
'%WINDIR%\Fuckme\connects.exe' 10.0.0.253
'%WINDIR%\Fuckme\connects.exe' 10.0.0.252
'%WINDIR%\Fuckme\connects.exe' 10.0.0.251
'%WINDIR%\Fuckme\connects.exe' 10.0.0.246
'%WINDIR%\Fuckme\connects.exe' 10.0.0.241
'%WINDIR%\Fuckme\connects.exe' 10.0.0.240
'%WINDIR%\Fuckme\connects.exe' 10.0.0.239
'%WINDIR%\Fuckme\connects.exe' 10.0.0.242
'%WINDIR%\Fuckme\connects.exe' 10.0.0.245
'%WINDIR%\Fuckme\connects.exe' 10.0.0.244
'%WINDIR%\Fuckme\connects.exe' 10.0.0.243
'%WINDIR%\Fuckme\connects.exe' 10.0.0.222
'%WINDIR%\Fuckme\connects.exe' 10.0.0.201
'%WINDIR%\Fuckme\connects.exe' 10.0.0.200
'%WINDIR%\Fuckme\connects.exe' 10.0.0.199
'%WINDIR%\Fuckme\connects.exe' 10.0.0.202
'%WINDIR%\Fuckme\connects.exe' 10.0.0.205
'%WINDIR%\Fuckme\connects.exe' 10.0.0.204
'%WINDIR%\Fuckme\connects.exe' 10.0.0.203
'%WINDIR%\Fuckme\connects.exe' 10.0.0.198
'%WINDIR%\Fuckme\connects.exe' 10.0.0.193
'%WINDIR%\Fuckme\connects.exe' 10.0.0.192
'%WINDIR%\Fuckme\connects.exe' 10.0.0.191
'%WINDIR%\Fuckme\connects.exe' 10.0.0.194
'%WINDIR%\Fuckme\connects.exe' 10.0.0.197
'%WINDIR%\Fuckme\connects.exe' 10.0.0.196
'%WINDIR%\Fuckme\connects.exe' 10.0.0.195
'%WINDIR%\Fuckme\connects.exe' 10.0.0.206
'%WINDIR%\Fuckme\connects.exe' 10.0.0.217
'%WINDIR%\Fuckme\connects.exe' 10.0.0.216
'%WINDIR%\Fuckme\connects.exe' 10.0.0.215
'%WINDIR%\Fuckme\connects.exe' 10.0.0.218
'%WINDIR%\Fuckme\connects.exe' 10.0.0.221
'%WINDIR%\Fuckme\connects.exe' 10.0.0.220
'%WINDIR%\Fuckme\connects.exe' 10.0.0.219
'%WINDIR%\Fuckme\connects.exe' 10.0.0.214
'%WINDIR%\Fuckme\connects.exe' 10.0.0.209
'%WINDIR%\Fuckme\connects.exe' 10.0.0.208
'%WINDIR%\Fuckme\connects.exe' 10.0.0.207
'%WINDIR%\Fuckme\connects.exe' 10.0.0.210
'%WINDIR%\Fuckme\connects.exe' 10.0.0.213
'%WINDIR%\Fuckme\connects.exe' 10.0.0.212
'%WINDIR%\Fuckme\connects.exe' 10.0.0.211
'%WINDIR%\Fuckme\connects.exe' 10.0.0.127
'%WINDIR%\Fuckme\connects.exe' 10.0.0.42
'%WINDIR%\Fuckme\connects.exe' 10.0.0.41
'%WINDIR%\Fuckme\connects.exe' 10.0.0.40
'%WINDIR%\Fuckme\connects.exe' 10.0.0.43
'%WINDIR%\Fuckme\connects.exe' 10.0.0.46
'%WINDIR%\Fuckme\connects.exe' 10.0.0.45
'%WINDIR%\Fuckme\connects.exe' 10.0.0.44
'%WINDIR%\Fuckme\connects.exe' 10.0.0.39
'%WINDIR%\Fuckme\connects.exe' 10.0.0.34
'%WINDIR%\Fuckme\connects.exe' 10.0.0.33
'%WINDIR%\Fuckme\connects.exe' 10.0.0.32
'%WINDIR%\Fuckme\connects.exe' 10.0.0.35
'%WINDIR%\Fuckme\connects.exe' 10.0.0.38
'%WINDIR%\Fuckme\connects.exe' 10.0.0.37
'%WINDIR%\Fuckme\connects.exe' 10.0.0.36
'%WINDIR%\Fuckme\connects.exe' 10.0.0.47
'%WINDIR%\Fuckme\connects.exe' 10.0.0.58
'%WINDIR%\Fuckme\connects.exe' 10.0.0.57
'%WINDIR%\Fuckme\connects.exe' 10.0.0.56
'%WINDIR%\Fuckme\connects.exe' 10.0.0.59
'%WINDIR%\Fuckme\connects.exe' 10.0.0.62
'%WINDIR%\Fuckme\connects.exe' 10.0.0.61
'%WINDIR%\Fuckme\connects.exe' 10.0.0.60
'%WINDIR%\Fuckme\connects.exe' 10.0.0.55
'%WINDIR%\Fuckme\connects.exe' 10.0.0.50
'%WINDIR%\Fuckme\connects.exe' 10.0.0.49
'%WINDIR%\Fuckme\connects.exe' 10.0.0.48
'%WINDIR%\Fuckme\connects.exe' 10.0.0.51
'%WINDIR%\Fuckme\connects.exe' 10.0.0.54
'%WINDIR%\Fuckme\connects.exe' 10.0.0.53
'%WINDIR%\Fuckme\connects.exe' 10.0.0.52
'%WINDIR%\Fuckme\connects.exe' 10.0.0.31
'%WINDIR%\Fuckme\connects.exe' 10.0.0.13
'%WINDIR%\Fuckme\connects.exe' 10.0.0.12
'%WINDIR%\Fuckme\connects.exe' 10.0.0.4
'%WINDIR%\Fuckme\connects.exe' 10.0.0.14
'%WINDIR%\Fuckme\connects.exe' 10.0.0.6
'%WINDIR%\Fuckme\connects.exe' 10.0.0.15
'%WINDIR%\Fuckme\connects.exe' 10.0.0.5
'%WINDIR%\Fuckme\connects.exe' 10.0.0.11
'%WINDIR%\Fuckme\connects.exe' 10.0.0.1
'%WINDIR%\Fuckme\connects.exe' 10.0.0.2
'%WINDIR%\Fuckme\Fuckme.exe'
'%WINDIR%\Fuckme\connects.exe' 10.0.0.3
'%WINDIR%\Fuckme\connects.exe' 10.0.0.10
'%WINDIR%\Fuckme\connects.exe' 10.0.0.9
'%WINDIR%\Fuckme\connects.exe' 10.0.0.8
'%WINDIR%\Fuckme\connects.exe' 10.0.0.16
'%WINDIR%\Fuckme\connects.exe' 10.0.0.25
'%WINDIR%\Fuckme\connects.exe' 10.0.0.26
'%WINDIR%\Fuckme\connects.exe' 10.0.0.24
'%WINDIR%\Fuckme\connects.exe' 10.0.0.27
'%WINDIR%\Fuckme\connects.exe' 10.0.0.30
'%WINDIR%\Fuckme\connects.exe' 10.0.0.29
'%WINDIR%\Fuckme\connects.exe' 10.0.0.28
'%WINDIR%\Fuckme\connects.exe' 10.0.0.23
'%WINDIR%\Fuckme\connects.exe' 10.0.0.18
'%WINDIR%\Fuckme\connects.exe' 10.0.0.17
'%WINDIR%\Fuckme\connects.exe' 10.0.0.7
'%WINDIR%\Fuckme\connects.exe' 10.0.0.19
'%WINDIR%\Fuckme\connects.exe' 10.0.0.21
'%WINDIR%\Fuckme\connects.exe' 10.0.0.22
'%WINDIR%\Fuckme\connects.exe' 10.0.0.20
'%WINDIR%\Fuckme\connects.exe' 10.0.0.63
'%WINDIR%\Fuckme\connects.exe' 10.0.0.106
'%WINDIR%\Fuckme\connects.exe' 10.0.0.105
'%WINDIR%\Fuckme\connects.exe' 10.0.0.104
'%WINDIR%\Fuckme\connects.exe' 10.0.0.107
'%WINDIR%\Fuckme\connects.exe' 10.0.0.110
'%WINDIR%\Fuckme\connects.exe' 10.0.0.109
'%WINDIR%\Fuckme\connects.exe' 10.0.0.108
'%WINDIR%\Fuckme\connects.exe' 10.0.0.103
'%WINDIR%\Fuckme\connects.exe' 10.0.0.98
'%WINDIR%\Fuckme\connects.exe' 10.0.0.97
'%WINDIR%\Fuckme\connects.exe' 10.0.0.96
'%WINDIR%\Fuckme\connects.exe' 10.0.0.99
'%WINDIR%\Fuckme\connects.exe' 10.0.0.102
'%WINDIR%\Fuckme\connects.exe' 10.0.0.101
'%WINDIR%\Fuckme\connects.exe' 10.0.0.100
'%WINDIR%\Fuckme\connects.exe' 10.0.0.111
'%WINDIR%\Fuckme\connects.exe' 10.0.0.122
'%WINDIR%\Fuckme\connects.exe' 10.0.0.121
'%WINDIR%\Fuckme\connects.exe' 10.0.0.120
'%WINDIR%\Fuckme\connects.exe' 10.0.0.123
'%WINDIR%\Fuckme\connects.exe' 10.0.0.126
'%WINDIR%\Fuckme\connects.exe' 10.0.0.125
'%WINDIR%\Fuckme\connects.exe' 10.0.0.124
'%WINDIR%\Fuckme\connects.exe' 10.0.0.119
'%WINDIR%\Fuckme\connects.exe' 10.0.0.114
'%WINDIR%\Fuckme\connects.exe' 10.0.0.113
'%WINDIR%\Fuckme\connects.exe' 10.0.0.112
'%WINDIR%\Fuckme\connects.exe' 10.0.0.115
'%WINDIR%\Fuckme\connects.exe' 10.0.0.118
'%WINDIR%\Fuckme\connects.exe' 10.0.0.117
'%WINDIR%\Fuckme\connects.exe' 10.0.0.116
'%WINDIR%\Fuckme\connects.exe' 10.0.0.95
'%WINDIR%\Fuckme\connects.exe' 10.0.0.74
'%WINDIR%\Fuckme\connects.exe' 10.0.0.73
'%WINDIR%\Fuckme\connects.exe' 10.0.0.72
'%WINDIR%\Fuckme\connects.exe' 10.0.0.75
'%WINDIR%\Fuckme\connects.exe' 10.0.0.78
'%WINDIR%\Fuckme\connects.exe' 10.0.0.77
'%WINDIR%\Fuckme\connects.exe' 10.0.0.76
'%WINDIR%\Fuckme\connects.exe' 10.0.0.71
'%WINDIR%\Fuckme\connects.exe' 10.0.0.66
'%WINDIR%\Fuckme\connects.exe' 10.0.0.65
'%WINDIR%\Fuckme\connects.exe' 10.0.0.64
'%WINDIR%\Fuckme\connects.exe' 10.0.0.67
'%WINDIR%\Fuckme\connects.exe' 10.0.0.70
'%WINDIR%\Fuckme\connects.exe' 10.0.0.69
'%WINDIR%\Fuckme\connects.exe' 10.0.0.68
'%WINDIR%\Fuckme\connects.exe' 10.0.0.79
'%WINDIR%\Fuckme\connects.exe' 10.0.0.90
'%WINDIR%\Fuckme\connects.exe' 10.0.0.89
'%WINDIR%\Fuckme\connects.exe' 10.0.0.88
'%WINDIR%\Fuckme\connects.exe' 10.0.0.91
'%WINDIR%\Fuckme\connects.exe' 10.0.0.94
'%WINDIR%\Fuckme\connects.exe' 10.0.0.93
'%WINDIR%\Fuckme\connects.exe' 10.0.0.92
'%WINDIR%\Fuckme\connects.exe' 10.0.0.87
'%WINDIR%\Fuckme\connects.exe' 10.0.0.82
'%WINDIR%\Fuckme\connects.exe' 10.0.0.81
'%WINDIR%\Fuckme\connects.exe' 10.0.0.80
'%WINDIR%\Fuckme\connects.exe' 10.0.0.83
'%WINDIR%\Fuckme\connects.exe' 10.0.0.86
'%WINDIR%\Fuckme\connects.exe' 10.0.0.85
'%WINDIR%\Fuckme\connects.exe' 10.0.0.84

Внедряет код в

следующие системные процессы:

<SYSTEM32>\svchost.exe

Завершает или пытается завершить

следующие пользовательские процессы:

360tray.exe

Изменения в файловой системе:

Создает следующие файлы:

%CommonProgramFiles%\Microsoft Shared\TextConv\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\Stationery\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\Triedit\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\VGX\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\VC\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\3082\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\MSInfo\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\Speech\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\Speech\1033\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\bin\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\bin\1033\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\bots\vinavbar\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\_vti_adm\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\bots\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\admcgi\scripts\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\Web Folders\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\admcgi\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\admisapi\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\admisapi\scripts\wsock32.dll
C:\Far2\PluginSDK\Headers.pas\wsock32.dll
C:\Far2\PluginSDK\Headers.c\wsock32.dll
C:\Far2\PluginSDK\wsock32.dll
<Служебный элемент>
C:\Far2\wsock32.dll
C:\Far2\Plugins\WinSCP\resource\wsock32.dll
C:\Far2\Plugins\WinSCP\release\wsock32.dll
C:\Far2\Plugins\WinSCP\windows\wsock32.dll
C:\Far2\Plugins\wsock32.dll
C:\Far2\Plugins\WinSCP\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1040\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1036\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1041\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\2052\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1042\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1025\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DAO\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1028\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1033\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\DW\1031\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\_vti_aut\wsock32.dll
%PROGRAM_FILES%\ComPlus Applications\wsock32.dll
%CommonProgramFiles%\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\branding\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\certerror\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\bookmarks\wsock32.dll
%CommonProgramFiles%\System\ado\wsock32.dll
%CommonProgramFiles%\SpeechEngines\wsock32.dll
%CommonProgramFiles%\System\msadc\wsock32.dll
%CommonProgramFiles%\System\wsock32.dll
%CommonProgramFiles%\System\Ole DB\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\safebrowsing\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\preferences\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\search\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\history\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\feeds\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\migration\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\places\wsock32.dll
%PROGRAM_FILES%\FireFox\chrome\browser\content\browser\pageinfo\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\wsock32.dll
%CommonProgramFiles%\MSSoap\Binaries\Resources\wsock32.dll
%CommonProgramFiles%\MSSoap\Binaries\Resources\1033\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\servsupp\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\wsock32.dll
%CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut\wsock32.dll
%CommonProgramFiles%\SpeechEngines\Microsoft\Lexicon\wsock32.dll
%CommonProgramFiles%\SpeechEngines\Microsoft\Lexicon\1033\wsock32.dll
%CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\wsock32.dll
%CommonProgramFiles%\SpeechEngines\Microsoft\wsock32.dll
%CommonProgramFiles%\SpeechEngines\Microsoft\TTS\wsock32.dll
%CommonProgramFiles%\MSSoap\wsock32.dll
%CommonProgramFiles%\MSSoap\Binaries\wsock32.dll
%CommonProgramFiles%\ODBC\Data Sources\wsock32.dll
%CommonProgramFiles%\Services\wsock32.dll
%CommonProgramFiles%\ODBC\wsock32.dll
C:\Far2\Documentation\rus\wsock32.dll
C:\Far2\Documentation\eng\wsock32.dll
C:\Far2\Documentation\wsock32.dll
C:\Far2\FExcept\wsock32.dll
C:\Far2\Encyclopedia\wsock32.dll
C:\Far2\Addons\wsock32.dll
\Device\LanmanRedirector\10.0.0.4\pipe\browser
\Device\LanmanRedirector\10.0.0.12\pipe\browser
\Device\LanmanRedirector\10.0.0.14\pipe\browser
\Device\LanmanRedirector\10.0.0.13\pipe\browser
C:\Far2\Plugins\Colorer\hrc\auto\types\wsock32.dll
C:\Far2\Plugins\Colorer\bin\wsock32.dll
C:\Far2\Plugins\Colorer\hrc\auto\wsock32.dll
C:\Far2\Plugins\Colorer\hrd\console\contrib\wsock32.dll
C:\Far2\Plugins\Colorer\hrc\wsock32.dll
C:\Far2\Plugins\Align\wsock32.dll
C:\Far2\Plugins\7-Zip\wsock32.dll
C:\Far2\Plugins\arclite\wsock32.dll
C:\Far2\Plugins\Brackets\wsock32.dll
C:\Far2\Plugins\AutoWrap\wsock32.dll
C:\Far2\Addons\Colors\Default Highlighting\wsock32.dll
C:\Far2\Addons\Colors\Custom Highlighting\wsock32.dll
C:\Far2\Addons\Colors\wsock32.dll
C:\Far2\Addons\SetUp\wsock32.dll
C:\Far2\Addons\Macros\wsock32.dll
%WINDIR%\Fuckme\shit.vbs
%WINDIR%\Fuckme\Fuckme.exe
%WINDIR%\Fuckme\wsock32.dll
<Текущая директория>\wsock32.dll
%WINDIR%\Fuckme\connects.exe
\Device\LanmanRedirector\10.0.0.8\pipe\browser
C:\Far2\Addons\XLat\wsock32.dll
\Device\LanmanRedirector\10.0.0.9\pipe\browser
\Device\LanmanRedirector\10.0.0.11\pipe\browser
\Device\LanmanRedirector\10.0.0.10\pipe\browser
C:\Far2\Addons\XLat\Russian\wsock32.dll
C:\Far2\Addons\Shell\wsock32.dll
\Device\LanmanRedirector\10.0.0.2\pipe\browser
%WINDIR%\Fuckme\desktop.ini
\Device\LanmanRedirector\10.0.0.3\pipe\browser
C:\Far2\Plugins\Colorer\hrd\console\wsock32.dll
C:\Far2\Plugins\WinSCP\filezilla\misc\wsock32.dll
C:\Far2\Plugins\WinSCP\fari\wsock32.dll
C:\Far2\Plugins\WinSCP\filezilla\wsock32.dll
C:\Far2\Plugins\WinSCP\lib\wsock32.dll
C:\Far2\Plugins\WinSCP\forms\wsock32.dll
C:\Far2\Plugins\WinSCP\console\wsock32.dll
C:\Far2\Plugins\WinSCP\components\wsock32.dll
C:\Far2\Plugins\WinSCP\core\wsock32.dll
C:\Far2\Plugins\WinSCP\far\wsock32.dll
C:\Far2\Plugins\WinSCP\dragext\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\theme\wsock32.dll
C:\Far2\Plugins\WinSCP\putty\charset\wsock32.dll
C:\Far2\Plugins\WinSCP\putty\wsock32.dll
C:\Far2\Plugins\WinSCP\putty\windows\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\filemng\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\dragndrop\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\my\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\tbx\wsock32.dll
C:\Far2\Plugins\WinSCP\packages\tb2k\wsock32.dll
C:\Far2\Plugins\ExtSearch\doc\wsock32.dll
C:\Far2\Plugins\EMenu\wsock32.dll
C:\Far2\Plugins\ExtSearch\keys\wsock32.dll
C:\Far2\Plugins\ExtSearch\sources\wsock32.dll
C:\Far2\Plugins\ExtSearch\sources\RegExp\wsock32.dll
C:\Far2\Plugins\Colorer\wsock32.dll
C:\Far2\Plugins\Colorer\hrd\wsock32.dll
C:\Far2\Plugins\Compare\wsock32.dll
C:\Far2\Plugins\EditCase\wsock32.dll
C:\Far2\Plugins\DrawLine\wsock32.dll
C:\Far2\Plugins\MacroView\wsock32.dll
C:\Far2\Plugins\HlfViewer\wsock32.dll
C:\Far2\Plugins\Network\wsock32.dll
C:\Far2\Plugins\TmpPanel\wsock32.dll
C:\Far2\Plugins\ProcList\wsock32.dll
C:\Far2\Plugins\FarCmds\wsock32.dll
C:\Far2\Plugins\ExtSearch\wsock32.dll
C:\Far2\Plugins\FileCase\wsock32.dll
C:\Far2\Plugins\FTP\wsock32.dll
C:\Far2\Plugins\FTP\lib\wsock32.dll

Присваивает атрибут 'скрытый' для следующих файлов:

%WINDIR%\Fuckme\desktop.ini
<Имя диска съемного носителя>:\AUTORUN.INF

Самоудаляется.

Сетевая активность:

Подключается к:

'<IP-адрес в локальной сети>':80
'<IP-адрес в локальной сети>':139
'vb##s.cn':80
'<IP-адрес в локальной сети>':445

TCP:

Запросы HTTP GET:

vb##s.cn/tj/ct.asp?ma####################

UDP:

DNS ASK vb##s.cn

Другое:

Ищет следующие окна:

ClassName: 'AfxControlBar42s' WindowName: ''

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация