Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%TEMP%\FixSystem.exe'
- '%TEMP%\FixSystem.exe'
- '<SYSTEM32>\attrib.exe' -A -S -H "<Полный путь к вирусу>"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\SelfDelete.bat" "
- '<SYSTEM32>\taskkill.exe' /f /im <Имя вируса>.exe
- C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- %TEMP%\SelfDelete.bat
- %TEMP%\FixSystem.exe
- %TEMP%\FixSystem.exe
- 'is####t.no-ip.org':23001
- 'is####t.no-ip.org':23000
- DNS ASK is####t.no-ip.org
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''