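Техническая информация (по порядку: записи автозапуска в реестре, командная строка запуска, пути к файлам, сетевые обращения, класс окна)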
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'MSSE' = '<LS_APPDATA>\mysocialcolor.exe /S /rvt /uninstallAll /mds /enblChx /aflt=24516 /instlRef=cm9qb3wxMDI2YTc0MzU5NmM5YzVmMTZiNTU1ZWUxNjBiNjU='
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Google updater' = '<LS_APPDATA>\Google\Chrome\chromeupdater.exe /instlRef=cm9qb3wxMDI2YTc0MzU5NmM5YzVmMTZiNTU1ZWUxNjBiNjU= /VERYSILENT'
- '%TEMP%\is-FRMS4.tmp\<Имя вируса>.tmp' /SL5="$30092,646957,56832,<Полный путь к вирусу>"
- %TEMP%\is-M655U.tmp\chromeupdater.exe
- <LS_APPDATA>\mysocialcolor.exe
- %TEMP%\is-M655U.tmp\itdownload.dll
- %TEMP%\is-FRMS4.tmp\<Имя вируса>.tmp
- %TEMP%\is-M655U.tmp\_isetup\_shfoldr.dll
- 'vf####.earching.info':80
- vf####.earching.info/toolbar
- DNS ASK vf####.earching.info
- ClassName: 'Shell_TrayWnd' WindowName: ''