Техническая информация
Значения в ключе автозапуска Run (программы, указанные в этом ключе, запускаются при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuckstarter' = '<SYSTEM32>\Windows Update v.618519.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avira' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuck' = '%TEMP%\avira.cmd'
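- скрытых файлов (начало фразы в исходном тексте утрачено; вероятно, речь идёт о блокировке отображения скрытых файлов)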
- '<SYSTEM32>\Windows Update v.618519.exe'
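Имена процессов защитных продуктов — антивирусов и сетевого экрана (действие над ними в тексте не указано):
- fsav32.exe
- bdagent.exe
- AVP.EXE
- outpost.exe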
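Ключи реестра FTP-клиентов и программ обмена сообщениями (судя по именам файлов «Stolen Passwords.txt» и «Stolen CD Keys.txt» ниже, вероятно, связаны со сбором сохранённых учётных данных):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]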
- %APPDATA%\Stolen Passwords.txt
- %APPDATA%\Stolen CD Keys.txt
- %TEMP%\avira.cmd
- %HOMEPATH%\Local Settings\History\desktop.ini
- <SYSTEM32>\Windows Update v.618519.exe
- <SYSTEM32>\SytemInformation.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini
- <SYSTEM32>\Windows Update v.618519.exe
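Сетевая активность (порт 587 обычно используется для отправки почты по SMTP; символы ## в имени узла, по-видимому, скрывают его часть):
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com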
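Имя класса окна (такой класс принадлежит VMware Tools; вероятно, поиск этого окна служит проверкой на запуск в виртуальной машине):
- ClassName: 'VMDragDetectWndClAss' WindowName: '(null)'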