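Техническая информация
Примечание: подзаголовки разделов в этой копии не сохранились. По содержанию записей различимы группы: автозапуск (ярлык в папке Startup), запускаемые процессы, пути файлов, сетевая активность (подключения, HTTP-запросы, DNS-запросы) и поиск окна. Пути файлов повторяются; какая операция (создание, удаление, изменение атрибутов) относится к каждому повтору, по тексту установить нельзя. Символы «#» в именах узлов, по-видимому, являются маскировкой из исходного описания, поэтому эти строки не подходят для точного сопоставления.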
- %HOMEPATH%\Start Menu\Programs\Startup\Anti Virus Option.LNK
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\sysninit.ocx" PDFShow
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_time
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_ini
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_boot
- %APPDATA%\tempname.txt
- %APPDATA%\sysninit.ocx
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\myezillw.dll
- <Полный путь к вирусу>
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\myezillw.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\myezillw.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\myezillw.dll
- %APPDATA%\sysninit.ocx
- %APPDATA%\tempname.txt
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'ma##.india.com':80
- 'www.cg######ckboard.twomini.com':80
- www.cg######ckboard.twomini.com/test2/Q1JOSkVVRlVfVVJOWFlNQVYA_ini_done
- ma##.india.com/login
- www.cg######ckboard.twomini.com/test2/serverok.html
- DNS ASK ma##.india.com
- DNS ASK www.cg######ckboard.twomini.com
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b48.b4c.380001'