Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6CB1CEE0-2506-11d3-BB7C-444553540000}] 'ClsidExtension' = '{D6862A22-1DD6-11D3-BB7C-444553540000}'
- '%PROGRAM_FILES%\winzip\iedw.exe'
- '%WINDIR%\regedit.exe' /s <SYSTEM32>\bho.reg
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\BHO.dll
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess
- %ALLUSERSPROFILE%\Application Data\now.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baidu[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\baidu[1]
- %PROGRAM_FILES%\winzip\iedw.exe
- <SYSTEM32>\BHO.dll
- <SYSTEM32>\bho.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\baidu[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baidu[1]
- из <Полный путь к вирусу> в %PROGRAM_FILES%\winzip\ctfmom.exe
- '12#.#25.114.144':80
- 'localhost':1038
- 'localhost':1037
- 12#.#25.114.144/
- DNS ASK js.##ers.51.la
- DNS ASK www.jy##e.com
- DNS ASK www.ba##u.com
- DNS ASK www.pe###boy.net
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '??'
- ClassName: 'Notepad' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'