Техническая информация
Командные строки (запуск процессов):
- '<SYSTEM32>\sc.exe' start winmgmt
- '<SYSTEM32>\sc.exe' config winmgmt start= demand
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\MSWINSCK.OCX"
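Файлы в файловой системе (в этом списке не указано, какие из них создаются, а какие удаляются; часть путей повторяется):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip.woai310[1]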
- %TEMP%\~DF0A8B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\soso[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip2city[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip.woai310[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\list[1].ini
- <SYSTEM32>\MSWINSCK.OCX
- %TEMP%\~DF08A3.TMP
- %TEMP%\~DF0B8C.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\<Имя вируса>[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip2city[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip.woai310[1]
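Сетевые подключения (узел:порт; символы «#» в именах узлов, по-видимому, замещают скрытые символы, поэтому для точного сопоставления такие имена непригодны):
- 'ip.##ai310.com':80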
- 'www.so##.com':80
- 'www.ip##8.com':80
- 'localhost':1035
- 'co####.woai310.com':80
- 'up####.woai310.com':80
Запрашиваемые URL:
- www.so##.com/?un###########
- www.ip##8.com/ip2city.asp
- ip.##ai310.com/
- co####.woai310.com/<Служебное имя>.ini
- up####.woai310.com/count/list.ini
DNS-запросы:
- DNS ASK www.so##.com
- DNS ASK www.ip##8.com
- DNS ASK ip.##ai310.com
- DNS ASK co####.woai310.com
- DNS ASK up####.woai310.com
Окна (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'