Техническая информация
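- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'c:\progra~2\winsys~1\winsys~1.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\services\8ffb8f2d] 'Start' = '00000002'
  Примечание: при LoadAppInit_DLLs = 1 библиотека, указанная в AppInit_DLLs, загружается в каждый процесс, который загружает user32.dll. Значение Start = 2 означает автоматический запуск службы при загрузке системы. Обе записи служат для закрепления в системе. Короткий путь в формате 8.3, по-видимому, указывает на файл из каталога C:\ProgramData\Win sys filter\, приведённого ниже. Для обнаружения стоит отслеживать изменения значений AppInit_DLLs и LoadAppInit_DLLs, а также появление новых разделов служб с автозапуском.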
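- '<SYSTEM32>\rundll32.exe' "c:\progra~2\winsys~1\WinsysfilterSvc.dll",service
- '<SYSTEM32>\rundll32.exe' "c:\progra~2\winsys~1\WinsysfilterSvc.dll",service -install
  Примечание: в обеих командах rundll32.exe вызывает экспортируемую функцию service из библиотеки WinsysfilterSvc.dll; во втором случае ей передаётся аргумент -install. Для обнаружения полезен журнал создания процессов с командной строкой: запуск rundll32.exe с библиотекой из каталога, доступного для записи (здесь, судя по списку файлов, это ProgramData), заслуживает проверки.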
- chrome.exe
- firefox.exe
- iexplore.exe
- C:\ProgramData\Win sys filter\WinsysfilterSvc.dll
- C:\ProgramData\Win sys filter\Winsysfilter.dll
- %TEMP%\tf00294823.dll
- <Полный путь к вирусу>
- %TEMP%\tf00294823.dll
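- DNS ASK pr#####rivergold.info
- DNS ASK li####ivernet.info
- DNS ASK li####iverget.info
- DNS ASK li####iverset.info
- DNS ASK ap#####tionmyweb.info
- DNS ASK in#####drivergold.info
- DNS ASK dn#.##ftncsi.com
  Примечание: символы # в именах, по-видимому, маскируют часть домена в исходном отчёте. Поэтому приведённые записи годятся только для приблизительного сопоставления с журналами DNS, а для блокировки нужны полные имена из первоисточника. Последняя запись, вероятно, относится к dns.msftncsi.com — штатной проверке сетевого подключения Windows (NCSI) — и сама по себе индикатором компрометации не является.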
- ClassName: 'Shell_TrayWnd' WindowName: ''