Техническая информация
- '%WINDIR%\inf\nvsvc.exe'
- '<SYSTEM32>\sc.exe' stop Evntconnections
- '<SYSTEM32>\sc.exe' delete Evntconnections
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\tmp.bat
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\inf\bftmp.bat
- <SYSTEM32>\NTSVC.ocx
- %WINDIR%\inf\nvsvc32.exe
- %WINDIR%\inf\bftmp.bat
- <Текущая директория>\tmp.bat
- %WINDIR%\inf\nvsvc.exe
- %WINDIR%\inf\7.055475
- из %WINDIR%\inf\nvsvc32.exe в %WINDIR%\inf\7.055475
- из <Полный путь к вирусу> в <Текущая директория>\tmp.exe
- ClassName: '' WindowName: 'ENT58VIP2008'
- ClassName: '' WindowName: '??????'
- ClassName: '' WindowName: 'inf'
- ClassName: '' WindowName: 'iexplores'
- ClassName: '' WindowName: 'IM'
- ClassName: '' WindowName: 'Tlkwks'
- ClassName: '' WindowName: 'nvsvc32.exe - ??????'
- ClassName: '' WindowName: 'WINNET - ??????'
- ClassName: '' WindowName: 'rejoice'
- ClassName: '' WindowName: '???'
- ClassName: '' WindowName: 'WINNET'
- ClassName: '' WindowName: 'WINNET:WINNET - ??????'
- ClassName: '' WindowName: 'WINNET: WINNET - ??????'