Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender' = '%HOMEPATH%\My Documents\System Files\Windows Defender.exe'
- <SYSTEM32>\cmd.exe
- fsav.exe
- NAVAPW32.EXE
- fsavaui.exe
- fsav32.exe
- AVPM.EXE
- AVP32.EXE
- AVP.COM
- AVSYNMGR.EXE
- AVPCC.EXE
- ashAvSrv.exe
- ashAvast.exe
- AVP.EXE
- avgcc.exe
- AVGCTRL.EXE
- javaw.exe
- java.exe
- fsavgui.exe
- AVGCC32.EXE
- %TEMP%\5240A.dmp
- %TEMP%\dw.log
- from <Full path to virus> to %HOMEPATH%\My Documents\System Files\Windows Defender.exe
- 'hy#######stal.atwebpages.com':80
- 'db.tt':443
- 'wp#d':80
- 'ch####p.dyndns.org':80
- ch####p.dyndns.org/
- wp#d/wpad.dat
- hy#######stal.atwebpages.com/index.php
- DNS ASK ch####p.dyndns.org
- DNS ASK hy#######stal.atwebpages.com
- DNS ASK wp#d
- DNS ASK db.tt
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'