Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\VM7] 'Start' = '00000002'
- 'C:\Documents and Settings\carss.exe' yy.tmp WWW "&del "C:\Documents and Settings\fw.bat"
- '<SYSTEM32>\sc.exe' \\10.0.0.2 config "VM7" binpath= "cmd.exe /c C:\Documents and Settings\yy.bat" start= auto type= interact type= own obj= localsystem password= ""
- '<SYSTEM32>\sc.exe' \\10.0.0.2 create "VM7" binpath= "cmd.exe /c C:\Documents and Settings\yy.bat" start= auto type= interact type= own displayname= "NVIDIA Driver Helper"
- '<SYSTEM32>\cmd.exe' /c "C:\Documents and Settings\fw.bat"
- C:\Documents and Settings\fw.bat
- C:\Documents and Settings\yy.bat
- \Device\LanmanRedirector\10.0.0.2\pipe\svcctl
- C:\Documents and Settings\yy.tmp
- C:\Documents and Settings\carss.exe
- %ALLUSERSPROFILE%\tmp~1.ini
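- из <Полный путь к вирусу> в C:\ИИґшУг.scr (имя файла искажено кодировкой: те же байты, прочитанные как GBK, по-видимому, дают «热带鱼.scr»; при поиске на диске стоит учитывать оба варианта отображения)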
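- 'cy###0.3322.org':8999 (символы «###», по-видимому, заменяют часть имени узла, скрытую в исходном описании; в таком виде строка не является точным индикатором)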
- '<IP-адрес в локальной сети>':139
- '<IP-адрес в локальной сети>':445
- DNS ASK cy###0.3322.org