Техническая информация
Изменения в реестре, обеспечивающие автозапуск (ключи Run, Active Setup и значение UserInit в Winlogon, к которому после штатного userinit.exe через запятую дописан второй исполняемый файл):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaUpdater' = '%WINDIR%\JavaUpdater.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1E0E2413-2971-4CB9-B57B-F984693BA789}] 'StubPath' = '%WINDIR%\JavaUpdater.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%WINDIR%\JavaUpdater.exe'
- '%PROGRAM_FILES%\TEST.EXE'
- '%PROGRAM_FILES%\FOLLOWTOOL.EXE'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\cmd.exe
- %PROGRAM_FILES%\TEST.EXE
- %WINDIR%\JavaUpdater.exe
- %WINDIR%\Images\%USERNAME%\18-11-2014\14.52.15
- %TEMP%\aut1.tmp
- %TEMP%\FuckAvs.bin
- %PROGRAM_FILES%\FOLLOWTOOL.EXE
- %TEMP%\FuckAvs.bin
- %TEMP%\aut1.tmp
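Сетевые обращения. Имя узла записано с символами «#», недопустимыми в доменном имени, — по всей видимости, оно частично скрыто, поэтому для точного сопоставления в журналах DNS и межсетевого экрана эта запись в таком виде не подходит:
- 'ro#.#o-ip.biz':135
- 'ro#.#o-ip.biz':1604
- 'ro#.#o-ip.biz':2000
- 'ro#.#o-ip.biz':81
- 'ro#.#o-ip.biz':1800
- 'ro#.#o-ip.biz':1500
- DNS ASK ro#.#o-ip.biz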
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''