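Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку перечислены: запись автозапуска в реестре, запускаемые командные строки, пути к затронутым файлам, сетевые обращения и параметры окон ClassName/WindowName.)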
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RAVBG' = '<SYSTEM32>\ctcplus.exe'
- '<SYSTEM32>\taskkill.exe' /IM "gbpsv.exe" /F
- '<SYSTEM32>\cmd.exe' /c ""C:\confiDel.bat""
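- '<SYSTEM32>\attrib.exe' /IM "gbpsv.exe" /F
- '<SYSTEM32>\attrib.exe' /pid=1612
  (Примечание: /IM и /F — параметры taskkill.exe, у attrib.exe таких параметров нет; /pid=1612 также не соответствует синтаксису attrib.exe. Вероятно, в этих двух строках имя процесса записано неверно, поэтому перед использованием в правилах обнаружения по командной строке их следует перепроверить.)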
- '<SYSTEM32>\attrib.exe' -h -a -r <SYSTEM32>\calc.dat
- '<SYSTEM32>\cmd.exe' /c ""C:\ccleanall.bat""
- '<SYSTEM32>\attrib.exe' -h -a -r C:\circuln.doc
- '<SYSTEM32>\attrib.exe' -h -a -r <SYSTEM32>\jiraia
- <SYSTEM32>\taskkill.exe
- <SYSTEM32>\attrib.exe
- C:\confiDel.txt
- %APPDATA%\channelando.txt
- C:\ccleanall.txt
- <SYSTEM32>\ctcplus.exe
- <Полный путь к вирусу>
- <SYSTEM32>\ctcplus.exe
- C:\ccleanall.bat
- из C:\confiDel.txt в C:\confiDel.bat
- из C:\ccleanall.txt в C:\ccleanall.bat
- 'te###.dyndns.tv':80
- te###.dyndns.tv/update.ini
- DNS ASK te###.dyndns.tv
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'