Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wepop] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- '%PROGRAM_FILES%\wepop\wepsv.exe'
- '%PROGRAM_FILES%\wepop\wepop.exe'
- '%APPDATA%\temp\Setwepop_ez02_h.exe'
- '%PROGRAM_FILES%\wepop\wepsv.exe' i
- '<SYSTEM32>\cmd.exe' /c \DelUS.bat
- '<SYSTEM32>\cmd.exe' /c ""<Полный путь к вирусу>_del.bat" "
- %PROGRAM_FILES%\wepop\wepsv.exe
- %PROGRAM_FILES%\wepop\wepop.exe
- %PROGRAM_FILES%\wepop\uninst.exe
- C:\DelUS.bat
- %TEMP%\nst5.tmp\SelfDelete.dll
- %APPDATA%\temp\Setwepop_ez02_h.exe
- %TEMP%\nse2.tmp
- %TEMP%\nsa3.tmp\nsCommands3.dll
- <Полный путь к вирусу>_del.bat
- %TEMP%\nsa3.tmp\nsSelfDel.dll
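Предположительно, список удаляемых файлов (подзаголовок в тексте отсутствует; пути ниже повторяют перечисленные выше):
- %TEMP%\nst5.tmp\SelfDelete.dll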
- %APPDATA%\temp\Setwepop_ez02_h.exe
- %TEMP%\nsa3.tmp\nsCommands3.dll
- %TEMP%\nsa3.tmp\nsSelfDel.dll
- 'www.ez###up.co.kr':80
- www.ez###up.co.kr/log/?mo#########################################
- DNS ASK www.ez###up.co.kr