Technical information
- '%TEMP%\P2PSearcher\P2PSearcher.exe'
- '%PROGRAM_FILES%\ThunderSpeed1[1].0.3.32.exe'
- '<SYSTEM32>\regsvr32.exe' %WINDIR%\Media\ActiveX.ocx /s
- %TEMP%\P2PSearcher\p2p.dll
- %TEMP%\P2PSearcher\yunbo.rds
- %TEMP%\P2PSearcher\msvcr71.dll
- %TEMP%\P2PSearcher\nodes.dat
- <Full path to the virus>
- %WINDIR%\Media\Desktop.ini:dbase.ldb
- %WINDIR%\Media\ActiveX.ocx
- %TEMP%\P2PSearcher.exe.1408750024.dmp
- %WINDIR%\Media\Desktop.ini:dbase.mdb
- %TEMP%\P2PSearcher\P2PSearcher.exe
- %TEMP%\P2PSearcher\P2PSearcher.rds
- %PROGRAM_FILES%\ThunderSpeed1[1].0.3.32.exe
- %TEMP%\nsw2.tmp
- %TEMP%\P2PSearcher\YunBo.exe
- %TEMP%\P2PSearcher\kad.dll
- %TEMP%\P2PSearcher\msvcp71.dll
- %TEMP%\P2PSearcher\atl71.dll
- %TEMP%\P2PSearcher\bootstrap.dat
- %TEMP%\P2PSearcher\P2PSearcher.rds
- %TEMP%\P2PSearcher\P2PSearcher.exe
- %TEMP%\P2PSearcher\p2p.dll
- %WINDIR%\Media\Desktop.ini:dbase.ldb
- %TEMP%\P2PSearcher\yunbo.rds
- %TEMP%\P2PSearcher\YunBo.exe
- %TEMP%\P2PSearcher\kad.dll
- %TEMP%\P2PSearcher\bootstrap.dat
- %TEMP%\P2PSearcher\atl71.dll
- %TEMP%\P2PSearcher\nodes.dat
- %TEMP%\P2PSearcher\msvcr71.dll
- %TEMP%\P2PSearcher\msvcp71.dll
- from <Full path to the virus> to %TEMP%\154453\...\TemporaryFile
- 'p2#####cher.ayux.net':80
- 'www.p2####rchers.com':80
- p2#####cher.ayux.net/x.gz
- www.p2####rchers.com/clientdata/setting.lua
- DNS ASK p2#####cher.ayux.net
- DNS ASK www.p2####rchers.com
- ClassName: 'Shell_TrayWnd' WindowName: ''