Техническая информация
- Запись автозапуска в реестре (ключ Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SuperSystemOptimizer' = '<Полный путь к вирусу>'
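- Запускаемые процессы (компилятор C# и конвертер ресурсов из состава .NET Framework; судя по аргументам, исходный код компилируется во время выполнения, поэтому имена вида scm5xuz3.* во временном каталоге, вероятно, случайны и меняются от запуска к запуску):
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\scm5xuz3.cmdline"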
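- Файлы во временном каталоге (перечень ниже повторяется дважды; заголовки разделов в тексте утрачены — по-видимому, это списки созданных и удалённых файлов):
- %TEMP%\scm5xuz3.dll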
- %TEMP%\RES2.tmp
- %TEMP%\22D6F.dmp
- %TEMP%\dw.log
- %TEMP%\scm5xuz3.cmdline
- %TEMP%\scm5xuz3.0.cs
- %TEMP%\CSC1.tmp
- %TEMP%\scm5xuz3.out
- %TEMP%\scm5xuz3.dll
- %TEMP%\scm5xuz3.cmdline
- %TEMP%\scm5xuz3.0.cs
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\scm5xuz3.out
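- Сетевые подключения, порт 80 (символы '#' в именах узлов, по-видимому, — маскировка части имени в исходном отчёте; такие строки нельзя использовать как точные индикаторы):
- 'ap#.#ostip.info':80
- 'sy#######ervices.pipalsoft.com':80
- 'wp#d':80
- 'www.pi###soft.com':80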
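- HTTP-запросы:
- ap#.#ostip.info/get_json.php
- www.pi###soft.com/
- wp#d/wpad.dat (запрос wpad.dat характерен для автоматического обнаружения прокси (WPAD) в Windows и, вероятно, не специфичен для данного образца)
- sy#######ervices.pipalsoft.com/SystemOptimizerService.asmx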
- DNS ASK ap#.#ostip.info
- DNS ASK sy#######ervices.pipalsoft.com
- DNS ASK wp#d
- DNS ASK www.pi###soft.com
- Окна (имя класса и заголовок):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)