Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SharedAPPs' = '%WINDIR%\system\<Имя вируса>.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\del.bat""
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\gbiehbsb.dll
- '%WINDIR%\regedit.exe' /s %WINDIR%\sharedapp.reg
- %WINDIR%\dxdiag.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dxdiag[1].js
- %WINDIR%\gbiehbsb.dll
- <Текущая директория>\del.bat
- %WINDIR%\svcpool.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\svcpool[1].js
- %WINDIR%\system\<Имя вируса>.exe
- %WINDIR%\sharedapp.reg
- %WINDIR%\svchost
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gbiehbsb[1].js
- <Текущая директория>\lkjsoiq
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ico_indice[1].gif
- %WINDIR%\system\<Имя вируса>.exe
- <Текущая директория>\lkjsoiq
- %WINDIR%\sharedapp.reg
- '20#.#7.212.18':80
- 'im#.##rra.com.br':80
- 'localhost':1036
- 20#.#7.212.18/~lorenaga/script/dxdiag.js
- 20#.#7.212.18/~lorenaga/script/svcpool.js
- im#.##rra.com.br/capa/imagens/ico_indice.gif
- 20#.#7.212.18/~lorenaga/script/gbiehbsb.js
- DNS ASK im#.##rra.com.br
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'