Technical information
- '%HOMEPATH%\My Documents\TXPlatform.exe'
- '%HOMEPATH%\My Documents\TTK_4920010020130424_v132031.exe'
- '<SYSTEM32>\qywir.exe'
- '%HOMEPATH%\My Documents\TTK_4920010020130424_v132031.exe' (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\TTK_4920010020130424_v132031[1].exe
- <SYSTEM32>\tslable.ini
- %TEMP%\nso2.tmp\inetc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Control[1].asp
- %HOMEPATH%\My Documents\TXPlatform.exe
- %HOMEPATH%\My Documents\TTK_4920010020130424_v132031.exe
- %TEMP%\nso2.tmp\FindProcDLL.dll
- %TEMP%\nso2.tmp\AccessControl.dll
- <SYSTEM32>\TP.dll
- %TEMP%\nso2.tmp\System.dll
- <SYSTEM32>\Stat.dll
- <SYSTEM32>\Sg_tp.exe
- <SYSTEM32>\ComBHO.dll
- <SYSTEM32>\ComBHO.dll
- <SYSTEM32>\uavxh.dll
- <Full path to the virus>
- %TEMP%\nso2.tmp\inetc.dll
- %TEMP%\nso2.tmp\System.dll
- %TEMP%\nso2.tmp\FindProcDLL.dll
- %HOMEPATH%\My Documents\TTK_4920010020130424_v132031.exe
- %TEMP%\nso2.tmp\AccessControl.dll
- <SYSTEM32>\Sg_tp.exe to <SYSTEM32>\qywir.exe
- <SYSTEM32>\TP.dll to <SYSTEM32>\uavxh.dll
- 'www.vo##o.net':80
- 'br#####.re.taotaosou.com':80
- www.vo##o.net/Ad/YY/Control.asp
- br#####.re.taotaosou.com/download/TTK_4920010020130424_v132031.exe
- DNS ASK www.vo##o.net
- DNS ASK br#####.re.taotaosou.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'