Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GoogleZBMachine' = '%WINDIR%\76487-642-2544634-23457\isasms32.exe' (параметр в ключе автозапуска Run: указанный файл запускается при входе пользователя в систему)
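- '%WINDIR%\76487-642-2544634-23457\isasms32.exe' <Полный путь к вирусу> (текст в угловых скобках — подстановка, а не буквальное значение: на его месте стоит фактический полный путь к файлу вируса)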
- %WINDIR%\76487-642-2544634-23457\x1bx00x0d.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0e.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0c.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0a.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0b.dll
- %WINDIR%\76487-642-2544634-23457\AutoIndexSettings.dll
- %WINDIR%\76487-642-2544634-23457\isasms32.exe
- %WINDIR%\76487-642-2544634-23457\x1bx00x0h.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0f.dll
- %WINDIR%\76487-642-2544634-23457\x1bx00x0g.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pazar123[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pazar123[1]
- 'tw##ter.com':80
- 'localhost':1036
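- tw##ter.com/pazar123 (запрашиваемый ресурс; его имя совпадает с файлами pazar123[1] в кэше Internet Explorer, перечисленными выше)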
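- DNS ASK tw##ter.com (DNS-запрос этого имени; символы «##», по-видимому, скрывают часть имени домена в самом описании, поэтому для поиска по журналам строку в таком виде использовать нельзя)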
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
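- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — стандартный класс окна панели задач Windows; наличие такого окна само по себе не является признаком заражения)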