Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>' = '<Полный путь к вирусу>'
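- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsasss' = '%WINDIR%\system\lsasss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchosts' = '%WINDIR%\svchosts.exe'
  (Примечание: имена 'lsasss' и 'svchosts' имитируют штатные системные файлы Windows lsass.exe и svchost.exe, которые находятся в <SYSTEM32>. Лишняя буква в имени и расположение в %WINDIR%\system либо прямо в %WINDIR% позволяют отличить эти файлы от легитимных при проверке автозагрузки и списка процессов.)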
- '%WINDIR%\system\lsasss.exe' /pid=2972
- '%WINDIR%\system\lsasss.exe'
- '%WINDIR%\svchosts.exe'
- '<SYSTEM32>\ping.exe' /pid=3852
- '<SYSTEM32>\ping.exe' /pid=3668
- '<SYSTEM32>\ping.exe' /pid=3912
- '<SYSTEM32>\ping.exe' /pid=3776
- '<SYSTEM32>\ping.exe' /pid=4028
- '<SYSTEM32>\ping.exe' /pid=3620
- '<SYSTEM32>\ping.exe' /pid=3792
- '<SYSTEM32>\ping.exe' www.ba##u.com
- '<SYSTEM32>\ping.exe' /pid=3736
- '<SYSTEM32>\ping.exe' /pid=3492
- '<SYSTEM32>\ping.exe' /pid=2364
- <SYSTEM32>\ping.exe
- %WINDIR%\system\lsasss.exe
- %WINDIR%\svchosts.exe
- %WINDIR%\system\lsasss.exe
- %WINDIR%\svchosts.exe
- %TEMP%\~DF9F08.tmp
- 'localhost':1043
- 'localhost':1036
- 'localhost':1035
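- DNS ASK www.69#####21.qq.qzone.com
- DNS ASK www.ba##u.com
  (Примечание: символы '#' в именах доменов здесь и в строке запуска ping.exe выше, по-видимому, заменяют символы, скрытые в отчёте. Для точного сопоставления с журналами DNS эти записи в таком виде не подходят.)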
- ClassName: '(null)' WindowName: 'systems'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'QQ2012'
- ClassName: '(null)' WindowName: 'QQ2013'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'lsasss'
- ClassName: '(null)' WindowName: 'svchosts'