Техническая информация
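- [<HKLM>\SYSTEM\ControlSet001\Services\5080376f] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при старте системы; имя службы совпадает с именем файла <DRIVERS>\5080376f.sys из списка ниже)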
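- <SYSTEM32>\midimap.dll файлом <SYSTEM32>\midimap.dll (начало фразы утрачено; судя по форме «файлом», системная библиотека, по-видимому, заменяется файлом с тем же именем)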
- '%TEMP%\2b57b.exe'
- '%TEMP%\25a0d.tmp'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ahnmove.bat
- %TEMP%\fTq3.dll
- %TEMP%\eYh8f.dll
- <DRIVERS>\5080376f.sys
- <SYSTEM32>\ws2tcpip.dll
- %TEMP%\ahnmove.bat
- %TEMP%\w22HDhiDfy.dll
- <SYSTEM32>\wshtcpip.dll
- %TEMP%\yhsys\doit.rar
- %TEMP%\2b57b.exe
- <Полный путь к вирусу>
- %TEMP%\25a0d.tmp
- %TEMP%\A1.zip
- %TEMP%\D1.zip
- %TEMP%\C1.zip
- %TEMP%\B1.zip
- %TEMP%\2b57b.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mail[1].asp
- <SYSTEM32>\wshtcpip.dll
- <SYSTEM32>\midimap.dll
- '66.##.183.192':80
- 'www.mi####penpop.com':80
- 66.##.183.192/mail.asp?ma##########################################################################################################################
- www.mi####penpop.com/xml/mupope.txt
- www.mi####penpop.com/com/tact.php?ma###############################
- DNS ASK www.mi####penpop.com
- ClassName: 'Indicator' WindowName: ''