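Техническая информация
Ниже перечислены записи реестра, командные строки, пути к файлам и сетевой адрес, связанные с образцом; подзаголовки разделов в этом фрагменте не сохранились, поэтому тип каждой записи определяется только по её формату. Значение 'Start' = '00000002' соответствует автоматическому запуску службы, а svchost.exe в каталоге <SYSTEM32>\vnm\ не является системным файлом: штатный svchost.exe находится непосредственно в <SYSTEM32>.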
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svds' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinVNC4] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\TimeServer] 'Start' = '00000002'
- '<SYSTEM32>\vnm\winvnc4.exe' -service
- '<SYSTEM32>\vnm\MacBind.exe' /Service
- '<SYSTEM32>\vnm\svds.exe'
- '<SYSTEM32>\vnm\winvnc4.exe' -start
- '<SYSTEM32>\vnm\svchost.exe' install <Полный путь к вирусу>
- '<SYSTEM32>\vnm\svchost.exe'
- '<SYSTEM32>\vnm\winvnc4.exe' -register
- <SYSTEM32>\vnm\svds.exe
- <SYSTEM32>\vnm\MacBind.exe
- %TEMP%\nsw3.tmp\nsSCM.dll
- <SYSTEM32>\vnm\vnm-journal
- %TEMP%\nsw3.tmp\Registry.dll
- <SYSTEM32>\vnm\libmysql.dll
- <SYSTEM32>\vnm\svchost.exe
- %TEMP%\nsa2.tmp
- <SYSTEM32>\vnm\winvnc4.exe
- <SYSTEM32>\vnm\vnm
- <SYSTEM32>\vnm\wm_hooks.dll
- <SYSTEM32>\vnm\vnm-journal
- %TEMP%\nsw3.tmp\Registry.dll
- %TEMP%\nsw3.tmp\nsSCM.dll
- '23#.0.0.1':24803