Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Virus' = '<SYSTEM32>\iiexplorer.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\start.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\yoyoddos] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
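- [<HKLM>\SYSTEM\ControlSet002\Services\ESudisk] 'Start' = '00000000' (значение 0 — boot start: драйвер загружается на самом раннем этапе запуска системы; то же значение задано и в ControlSet001)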
- [<HKLM>\SYSTEM\ControlSet001\Services\ESudisk] 'Start' = '00000000'
- '<SYSTEM32>\yoyoddos.exe'
- '%WINDIR%\Temp\Perfdata_b74.dat' -install c -password 9989395
- '<SYSTEM32>\server.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\yoyoddos.exe
- <DRIVERS>\Esudisk.sys
- %WINDIR%\Temp\Perfdata_b74.dat
- <SYSTEM32>\server.exe
- <SYSTEM32>\iiexplorer.exe
- %WINDIR%\Temp\Perfdata_b74.dat
- <SYSTEM32>\server.exe
- %WINDIR%\bootstat.dat в %WINDIR%\bootstat.bak
- '23.##4.215.217':2009
- '12#.#25.114.144':80
- 12#.#25.114.144/
- DNS ASK www.ba##u.com