Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (значение 0 означает, что брандмауэр Windows для стандартного профиля отключён)
- Средство контроля пользовательских учетных записей (UAC) — отключается (см. ниже команду reg.exe, устанавливающую EnableLUA = 0)
- '%TEMP%\RemoveVirus.exe'
- '%TEMP%\slide.exe'
- '%TEMP%\RemoveVirus.exe' (загружен из сети Интернет)
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\wscript.exe' "%TEMP%\anc.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gaf.bat" "
- %TEMP%\RemoveVirus.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sudaneseonline[1]
- %TEMP%\gaf.bat
- %TEMP%\slide.exe
- %TEMP%\anc.vbs
- 'localhost':1040
- 'su####seonline.com':80
- 'wp#d':80
- '19#.#02.155.253':80
- su####seonline.com/
- 19#.#02.155.253/file/xp/RemoveVirus.exe
- wp#d/wpad.dat
- DNS ASK su####seonline.com
- DNS ASK wp#d
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'