Техническая информация
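- [<HKLM>\SYSTEM\ControlSet001\Services\abp480n5] 'Start' = '00000002' (значение 2 соответствует SERVICE_AUTO_START: служба или драйвер запускается автоматически при загрузке системы)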
- '%TEMP%\<Имя вируса>.exe'
- '<SYSTEM32>\net1.exe' start abp480n5 (запуск службы abp480n5 — имя совпадает с разделом Services\abp480n5 в реестре)
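- '<SYSTEM32>\ping.exe' localhost -n 2
- '<SYSTEM32>\ping.exe' localhost -n 3 (оба вызова ping обращаются только к localhost и, по-видимому, служат паузой, а не сетевой активностью)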
- %WINDIR%\LastGood\TMP2.tmp
- <DRIVERS>\SET4.tmp
- <SYSTEM32>\dllcache\abp480n5.sys.new
- %TEMP%\<Имя вируса>.exe
- %WINDIR%\abp480n5s
- <DRIVERS>\SET1.tmp
- <DRIVERS>\SET1.tmp
- %TEMP%\<Имя вируса>.exe
- <DRIVERS>\abp480n5.sys в <DRIVERS>\OLD3.tmp
- <DRIVERS>\SET4.tmp в <DRIVERS>\abp480n5.sys
- %WINDIR%\abp480n5s в <DRIVERS>\abp480n5.sys
- %WINDIR%\LastGood\TMP2.tmp в %WINDIR%\LastGood\system32\drivers\abp480n5.sys
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''