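Техническая информация
Ниже перечислены наблюдаемые индикаторы: значение автозапуска в реестре, командные строки запускаемых процессов, пути к файлам, сетевые узлы и DNS-запросы, а также класс окна. Подзаголовки разделов в этом фрагменте не сохранились; некоторые пути к файлам встречаются дважды — вероятно, они относились к разным разделам. Символы «#» в именах узлов, по-видимому, скрывают часть имени и не входят в реальный адрес.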
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winds32' = '%APPDATA%\Roaming\Microsoft\winds32.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logmail.txt
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "winds32" /t REG_SZ /d "%APPDATA%\Roaming\Microsoft\winds32.exe
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logff.txt
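- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe (штатный компилятор Visual Basic из состава .NET Framework; сам по себе этот путь не является признаком заражения — значим его запуск с параметром /stext и выводом в файл в %TEMP%, как в строках выше)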
- C:\ProgramData\Microsoft\RAC\Temp\sql232.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql212.tmp
- %TEMP%\logff.txt
- %APPDATA%\Roaming\Microsoft\winds32.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<Имя вируса>.exe
- C:\ProgramData\Microsoft\RAC\Temp\sql212.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql232.tmp
- %TEMP%\logff.txt
- 'sm##.gmail.com':587
- 'www.my#p.ru':80
- www.my#p.ru/en-EN/index.php
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm##.gmail.com
- DNS ASK www.my#p.ru
- ClassName: 'Indicator' WindowName: '(null)'