Техническая информация
Записи автозапуска в реестре (ключи Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PgScheduler' = '%WINDIR%\PgScheduler.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PgScheduler' = '%WINDIR%\PgScheduler.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PgScheduler' = '%WINDIR%\<Имя вируса>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PgScheduler' = '%WINDIR%\<Имя вируса>.exe'
Командные строки запускаемых процессов:
- '%WINDIR%\PgScheduler.exe'
- '%TEMP%\pgkill.exe' PgScheduler
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\mswinsck.ocx"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\PgSchedCmd.Bat
- '<SYSTEM32>\taskkill.exe' /f /im PgScheduler.exe
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\cdosys.dll"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\mscomm32.ocx"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\msinet.ocx"
Файлы в файловой системе:
- %TEMP%\PgSchedCmd.Bat
- %TEMP%\pgkill.exe
- %WINDIR%\PgSched.Log
- %WINDIR%\PgScheduler.exe
- %TEMP%\PgScheduler.exe
- <SYSTEM32>\Msinet.ocx
- <SYSTEM32>\MSCOMM32.OCX
- <Текущая директория>\PgSched.Log
- <SYSTEM32>\MSWINSCK.OCX
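Файлы, перечисленные повторно (вероятно, отдельный подраздел исходного отчёта; его заголовок не сохранился):
- %TEMP%\pgkill.exe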
- %TEMP%\PgScheduler.exe
Сетевая активность (часть доменного имени скрыта символами «#» в исходном тексте):
- 'pg####puting.com':80
- 'localhost':1036
- pg####puting.com/PgScheduler$/TheCmd.txt
- DNS ASK pg####puting.com
Окна (имя класса и заголовок):
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''