Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\ThannelRent] 'Start' = '00000002'
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- '<SYSTEM32>\sc.exe' Create ThannelRent binPath= "cmd /c start <SYSTEM32>\Com\vsxm.vbs" type= own type= interact start= auto
- '<SYSTEM32>\sc.exe' start w32time task_started
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- C:\ProgramData\Microsoft\RAC\Temp\sql8B3F.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8AF0.tmp
- %WINDIR%\inf\msxsd.vbe
- <Полный путь к вирусу>
- 'www.wh###smyip.net':80
- www.wh###smyip.net/
- DNS ASK ti##.#indows.com
- DNS ASK www.wh###smyip.net
- 'ti##.#indows.com':123
- ClassName: '(null)' WindowName: 'V3LTray.exe'
- ClassName: '(null)' WindowName: 'V3LSvc.exe'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebCheckMonitor' WindowName: '(null)'