Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'StartMenuX' = '%PROGRAM_FILES%\Start Menu X\StartMenuX.exe'
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\_ir_sf_temp_0\Setup.exe' /SILENT
- '%TEMP%\is-946FO.tmp\Setup.tmp' /SL5="$300F0,4375377,54272,%TEMP%\_ir_sf_temp_0\Setup.exe" /SILENT
- '%WINDIR%\Temp\Start.Menu.X.Pro.4.01.exe'
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1740146 "__IRAFN:%WINDIR%\Temp\Start.Menu.X.Pro.4.01.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\Start Menu X\Languages\is-842GE.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-JGQME.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-U6I0T.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-1MMAI.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-C4NJ8.tmp
- %PROGRAM_FILES%\Start Menu X\Skins\is-51IVM.tmp
- %PROGRAM_FILES%\Start Menu X\is-ORPAU.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-VURHM.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-FEODK.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-RSCVO.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-STO0C.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-PHHSG.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-GVMG0.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-PMFFE.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-I9245.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-VLQ72.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-4G9O9.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-1HIT2.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-DQMSE.tmp
- %PROGRAM_FILES%\Start Menu X\Languages\is-O29SA.tmp
- %PROGRAM_FILES%\Start Menu X\is-AAMTC.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Start Menu X\Start Menu X.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Start Menu X\Group Manager.lnk
- %PROGRAM_FILES%\Start Menu X\is-9TECG.tmp
- %PROGRAM_FILES%\Start Menu X\is-RUQK4.tmp
- %PROGRAM_FILES%\Start Menu X\is-R9KCA.tmp
- %TEMP%\www.softpir.com Setup Log.txt
- %ALLUSERSPROFILE%\Desktop\Unattended Soft.url
- %PROGRAM_FILES%\Start Menu X\unins000.dat
- %ALLUSERSPROFILE%\Start Menu\Programs\Start Menu X\Start Menu X on the Web.url
- %ALLUSERSPROFILE%\Start Menu\Programs\Start Menu X\Uninstall Start Menu X.lnk
- %PROGRAM_FILES%\Start Menu X\is-U61NG.tmp
- %PROGRAM_FILES%\Start Menu X\is-BTP6E.tmp
- %PROGRAM_FILES%\Start Menu X\is-TK5TV.tmp
- %PROGRAM_FILES%\Start Menu X\is-5J7SP.tmp
- %PROGRAM_FILES%\Start Menu X\is-LUMA3.tmp
- %PROGRAM_FILES%\Start Menu X\is-HQ5NE.tmp
- %PROGRAM_FILES%\Start Menu X\is-DRM5B.tmp
- %PROGRAM_FILES%\Start Menu X\is-SRJFT.tmp
- %PROGRAM_FILES%\Start Menu X\is-N3KTD.tmp
- %PROGRAM_FILES%\Start Menu X\is-617DE.tmp
- %PROGRAM_FILES%\Start Menu X\is-2DC3G.tmp
- %PROGRAM_FILES%\Start Menu X\is-BH27F.tmp
- %PROGRAM_FILES%\Start Menu X\is-RIHCV.tmp
- %PROGRAM_FILES%\Start Menu X\is-3G5GQ.tmp
- %ALLUSERSPROFILE%\Application Data\StartMenuX\is-1P4NA.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-I4DBM.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-JFTJK.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-GDQ2U.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-JIBRH.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-VBB12.tmp
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %WINDIR%\Temp\Start.Menu.X.Pro.4.01.exe
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\is-NOK3I.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-NOK3I.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-946FO.tmp\Setup.tmp
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\Setup.exe
- %PROGRAM_FILES%\Start Menu X\Icons\is-6I68J.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-6HCVB.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-NFT1V.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-0VKQS.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-K1SSQ.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-OH53E.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-LOSDP.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-PBG6B.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-99GAN.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-TPAC9.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-325I5.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-TN0EB.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-NHKBC.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-M47RC.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-RUEJL.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-OAHM8.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-I4U3S.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-2H45A.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-IKOH1.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-NCSJS.tmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-035IH.tmp
Удаляет следующие файлы:
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\Setup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\is-946FO.tmp\Setup.tmp
- %PROGRAM_FILES%\Start Menu X\StartMenuXHook32.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %PROGRAM_FILES%\Start Menu X\license.txt
- %TEMP%\is-NOK3I.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-NOK3I.tmp\_isetup\_RegDLL.tmp
Перемещает следующие файлы:
- %PROGRAM_FILES%\Start Menu X\Languages\is-U6I0T.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Polish.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-842GE.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Portuguese.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-1MMAI.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Italian.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-C4NJ8.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Japanese.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-RSCVO.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Spanish.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-VURHM.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Swedish.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-JGQME.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Russian.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-FEODK.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Simplified Chinese.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-PHHSG.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Danish.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-DQMSE.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Dutch.ini
- %PROGRAM_FILES%\Start Menu X\Icons\is-GVMG0.tmp в %PROGRAM_FILES%\Start Menu X\Icons\903670-rectangle-yellow.png
- %PROGRAM_FILES%\Start Menu X\Languages\is-STO0C.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Czech.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-VLQ72.tmp в %PROGRAM_FILES%\Start Menu X\Languages\German.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-4G9O9.tmp в %PROGRAM_FILES%\Start Menu X\Languages\Hungarian.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-O29SA.tmp в %PROGRAM_FILES%\Start Menu X\Languages\English.ini
- %PROGRAM_FILES%\Start Menu X\Languages\is-1HIT2.tmp в %PROGRAM_FILES%\Start Menu X\Languages\French.ini
- %PROGRAM_FILES%\Start Menu X\is-SRJFT.tmp в %PROGRAM_FILES%\Start Menu X\Search.lnk
- %PROGRAM_FILES%\Start Menu X\is-HQ5NE.tmp в %PROGRAM_FILES%\Start Menu X\Setup.ico
- %PROGRAM_FILES%\Start Menu X\is-N3KTD.tmp в %PROGRAM_FILES%\Start Menu X\license.txt
- %PROGRAM_FILES%\Start Menu X\is-617DE.tmp в %PROGRAM_FILES%\Start Menu X\Run.lnk
- %PROGRAM_FILES%\Start Menu X\is-R9KCA.tmp в %PROGRAM_FILES%\Start Menu X\startmenu_pl.txt
- %PROGRAM_FILES%\Start Menu X\is-9TECG.tmp в %PROGRAM_FILES%\Start Menu X\license.txt
- %PROGRAM_FILES%\Start Menu X\is-DRM5B.tmp в %PROGRAM_FILES%\Start Menu X\StartMenuXHook.dll
- %PROGRAM_FILES%\Start Menu X\is-RUQK4.tmp в %PROGRAM_FILES%\Start Menu X\StartMenuXHook32.dll
- %PROGRAM_FILES%\Start Menu X\is-AAMTC.tmp в %PROGRAM_FILES%\Start Menu X\Default Programs.lnk
- %PROGRAM_FILES%\Start Menu X\is-5J7SP.tmp в %PROGRAM_FILES%\Start Menu X\Defaults.lnk
- %PROGRAM_FILES%\Start Menu X\Skins\is-51IVM.tmp в %PROGRAM_FILES%\Start Menu X\Skins\Aero Beta.vgstyle
- %PROGRAM_FILES%\Start Menu X\is-ORPAU.tmp в %PROGRAM_FILES%\Start Menu X\avatar.bmp
- %PROGRAM_FILES%\Start Menu X\is-U61NG.tmp в %PROGRAM_FILES%\Start Menu X\Help.lnk
- %PROGRAM_FILES%\Start Menu X\is-BTP6E.tmp в %PROGRAM_FILES%\Start Menu X\Internet.lnk
- %PROGRAM_FILES%\Start Menu X\is-LUMA3.tmp в %PROGRAM_FILES%\Start Menu X\E-mail.lnk
- %PROGRAM_FILES%\Start Menu X\is-TK5TV.tmp в %PROGRAM_FILES%\Start Menu X\groups.bmp
- %PROGRAM_FILES%\Start Menu X\Icons\is-I9245.tmp в %PROGRAM_FILES%\Start Menu X\Icons\903660-rectangle-red.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-6I68J.tmp в %PROGRAM_FILES%\Start Menu X\Icons\011000-home.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-RUEJL.tmp в %PROGRAM_FILES%\Start Menu X\Icons\017000-breafcase.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-I4DBM.tmp в %PROGRAM_FILES%\Start Menu X\Icons\009000-media.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-JFTJK.tmp в %PROGRAM_FILES%\Start Menu X\Icons\010000-scaner.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-TN0EB.tmp в %PROGRAM_FILES%\Start Menu X\Icons\020000-question-book.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-NHKBC.tmp в %PROGRAM_FILES%\Start Menu X\Icons\024000-laptop.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-OAHM8.tmp в %PROGRAM_FILES%\Start Menu X\Icons\017500-pda.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-M47RC.tmp в %PROGRAM_FILES%\Start Menu X\Icons\019400-palette2.png
- %PROGRAM_FILES%\Start Menu X\is-RIHCV.tmp в %PROGRAM_FILES%\Start Menu X\StartMenuX.exe
- %PROGRAM_FILES%\Start Menu X\is-2DC3G.tmp в %PROGRAM_FILES%\Start Menu X\TidyStartMenu.exe
- %PROGRAM_FILES%\Start Menu X\is-3G5GQ.tmp в %PROGRAM_FILES%\Start Menu X\unins000.exe
- %ALLUSERSPROFILE%\Application Data\StartMenuX\is-1P4NA.tmp в %ALLUSERSPROFILE%\Application Data\StartMenuX\startmenu.txt
- %PROGRAM_FILES%\Start Menu X\Icons\is-VBB12.tmp в %PROGRAM_FILES%\Start Menu X\Icons\004500-printer.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-GDQ2U.tmp в %PROGRAM_FILES%\Start Menu X\Icons\008500-audio.png
- %PROGRAM_FILES%\Start Menu X\is-BH27F.tmp в %PROGRAM_FILES%\Start Menu X\StartMenuXHook32.dll
- %PROGRAM_FILES%\Start Menu X\Icons\is-JIBRH.tmp в %PROGRAM_FILES%\Start Menu X\Icons\002400-cd-burn.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-TPAC9.tmp в %PROGRAM_FILES%\Start Menu X\Icons\664200-office-button2.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-325I5.tmp в %PROGRAM_FILES%\Start Menu X\Icons\700000-rabbit.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-6HCVB.tmp в %PROGRAM_FILES%\Start Menu X\Icons\600500-airplane.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-NFT1V.tmp в %PROGRAM_FILES%\Start Menu X\Icons\602000-car.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-PBG6B.tmp в %PROGRAM_FILES%\Start Menu X\Icons\903640-rectangle-blue.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-PMFFE.tmp в %PROGRAM_FILES%\Start Menu X\Icons\903650-rectangle-green.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-99GAN.tmp в %PROGRAM_FILES%\Start Menu X\Icons\802500-helmet.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-LOSDP.tmp в %PROGRAM_FILES%\Start Menu X\Icons\850200-smile.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-IKOH1.tmp в %PROGRAM_FILES%\Start Menu X\Icons\252500-user-sun-glasses.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-I4U3S.tmp в %PROGRAM_FILES%\Start Menu X\Icons\401500-monitoring-device.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-NCSJS.tmp в %PROGRAM_FILES%\Start Menu X\Icons\030000-gamepad.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-035IH.tmp в %PROGRAM_FILES%\Start Menu X\Icons\031200-screen.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-OH53E.tmp в %PROGRAM_FILES%\Start Menu X\Icons\505500-safe.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-0VKQS.tmp в %PROGRAM_FILES%\Start Menu X\Icons\506500-office-building.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-2H45A.tmp в %PROGRAM_FILES%\Start Menu X\Icons\450000-chart.png
- %PROGRAM_FILES%\Start Menu X\Icons\is-K1SSQ.tmp в %PROGRAM_FILES%\Start Menu X\Icons\500000-index-card.png
Другое:
Ищет следующие окна:
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
