Техническая информация
- '%TEMP%\nsd364D.tmp\<Имя вируса>.exe'
- '%TEMP%\nsy35EF.tmp\lzma.exe' "d" "%TEMP%\nsy35EF.tmp\inst.dat" "%TEMP%\nsd364D.tmp\Launcher.exe"
- '%TEMP%\nsy35EF.tmp\ns3D12.tmp' "%TEMP%\nsy35EF.tmp\lzma.exe" "d" "%TEMP%\nsy35EF.tmp\inst.dat" "%TEMP%\nsd364D.tmp\Launcher.exe"
- %TEMP%\nsy35EF.tmp\ns3D12.tmp
- %TEMP%\nsy35EF.tmp\nsExec.dll
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\fallback[1].gif
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\links[1].htm
- %TEMP%\nsd364D.tmp\Launcher.exe
- %TEMP%\nsy35EF.tmp\Infotext.dat
- %TEMP%\nsy35EF.tmp\lzma.exe
- %TEMP%\nsy35EF.tmp\System.dll
- %TEMP%\nsy35EF.tmp\inst.dat
- %TEMP%\nsy35EF.tmp\DcryptDll.dll
- %TEMP%\nsy35EF.tmp\launkeys.dat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\links[1].htm
- %TEMP%\nsy35EF.tmp\Infotext.dat
- %TEMP%\nsy35EF.tmp\ns3D12.tmp
- %TEMP%\nsd364D.tmp\Launcher.exe в %TEMP%\nsd364D.tmp\<Имя вируса>.exe
- 'tr######.brownswitch.com':80
- tr######.brownswitch.com/webinst/links/fallback.gif?ms###################################################
- tr######.brownswitch.com/webinst/links
- DNS ASK tr######.brownswitch.com
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''