Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%WINDIR%\system\system.vbs'
- User Account Control (UAC)
- '%WINDIR%\system\svcrs.exe'
- '<SYSTEM32>\net1.exe' stop "Centro de Seguridad"
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- '<SYSTEM32>\net.exe' stop "Centro de Seguridad"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\system\system.vbs"
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d %WINDIR%\system\system.vbs /f
- %TEMP%\php1.tmp
- %TEMP%\php2.tmp
- %TEMP%\php3.tmp
- %WINDIR%\system\system.vbs
- %TEMP%\gert0.dll
- %TEMP%\ci0-temp\vOlkBotnet.set
- %WINDIR%\system\svcrs.exe
- <DRIVERS>\etc\hosts
- %TEMP%\gert0.dll
- %TEMP%\ci0-temp\vOlkBotnet.set
- 'ge####kerdns.co.cc':80
- ge####kerdns.co.cc/priv8//bots.php?na################################
- DNS ASK ge####kerdns.co.cc