Техническая информация
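Изменения в реестре (значение BootExecute задано пустым в ControlSet001–003; запись в ключе Run запускает указанный файл при входе пользователя в систему). Стандартное значение BootExecute в Windows — 'autocheck autochk *', поэтому пустое значение отключает запуск программ на этапе загрузки:
- [<HKLM>\SYSTEM\ControlSet003\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gbiesrv' = '%WINDIR%\<Имя вируса>.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SYSTEM\ControlSet002\Control\Session Manager] 'BootExecute' = ''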
Файлы в каталоге <SYSTEM32> (одно базовое имя с расширениями .SYS, .exe и .TYT):
- <SYSTEM32>\abLViuAro.SYS
- <SYSTEM32>\abLViuAro.exe
- <SYSTEM32>\abLViuAro.TYT
Сетевая активность (символы # в имени узла, по-видимому, скрывают часть адреса):
- 'in#######anking.caixa.gov.br':443
- 'localhost':1036
- DNS ASK in#######anking.caixa.gov.br
- ClassName: '(null)' WindowName: ''