Техническая информация
Обеспечение автозапуска (значение 'Start' = 2 соответствует автоматическому запуску службы):
- [<HKLM>\SYSTEM\ControlSet001\Services\TTService] 'Start' = '00000002'
Запускаемые процессы (с параметрами командной строки):
- '%PROGRAM_FILES%\TTBar\TTServer.exe'
- '%PROGRAM_FILES%\TTBar\TTServer.exe' /install /SILENT
- '%TEMP%\is-BJH03.tmp\<Имя вируса>.tmp' /SL5="$40036,481194,53248,<Полный путь к вирусу>"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\TTBar\TTBHO.dll"
- '<SYSTEM32>\taskkill.exe' /F /im TTServer.exe
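Создаваемые файлы (по-видимому; каталоги вида is-*.tmp — временные каталоги установщика, поэтому при поиске следов на их точные имена полагаться не стоит):
- %PROGRAM_FILES%\TTBar\TTServer.exe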
- %TEMP%\is-OKERG.tmp\TTBHO.dll
- %PROGRAM_FILES%\TTBar\TTBHO.dll
- %TEMP%\is-OKERG.tmp\TTServer.exe
- %TEMP%\is-BJH03.tmp\<Имя вируса>.tmp
- %TEMP%\is-OKERG.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-OKERG.tmp\_isetup\_shfoldr.dll
Удаляемые файлы (по-видимому; в списке повторяются только временные файлы из %TEMP%):
- %TEMP%\is-OKERG.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-BJH03.tmp\<Имя вируса>.tmp
- %TEMP%\is-OKERG.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-OKERG.tmp\TTBHO.dll
- %TEMP%\is-OKERG.tmp\TTServer.exe
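Сетевая активность (DNS-запрос; символ # в доменных именах недопустим, поэтому часть имени здесь, по-видимому, скрыта):
- DNS ASK www.ss##bi.com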
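Окна, к которым обращается программа (по-видимому, поиск окон по классу и заголовку; '????' — вероятно, заголовок из не-ASCII символов, утраченных при перекодировке):
- ClassName: '(null)' WindowName: '(null)'
- ClassName: '(null)' WindowName: '????'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'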