Техническая информация
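- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{bb334a1e-4254-43d7-8b92-3c020110d7d8}] 'StubPath' = '%TEMP%\rose.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d1d42bf-755b-423e-bb5a-4a6edf3b4003}] 'StubPath' = '%TEMP%\svchost.exe'
  (StubPath — команда, которую механизм Active Setup выполняет при входе пользователя в систему, то есть обе записи обеспечивают автозапуск; значение StubPath, указывающее на %TEMP%, — характерный признак для проверки.)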
- '%TEMP%\svchost.exe'
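- '%TEMP%\svchost.exe' (загружен из сети Интернет; имя совпадает с именем системного процесса svchost.exe, однако легитимный файл находится в <SYSTEM32>, а не в %TEMP%)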
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <Текущая директория>\bvf.png (открывает bvf.png в стандартном средстве просмотра изображений Windows)
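- '<SYSTEM32>\attrib.exe' +r +s +h %TEMP%\svchost.exe
- '<SYSTEM32>\attrib.exe' +r +s +h %TEMP%\rose.vbs
  (+r +s +h — атрибуты «только чтение», «системный» и «скрытый»; такие файлы не видны в Проводнике при настройках по умолчанию.)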
- '<SYSTEM32>\wscript.exe' "%TEMP%\rose.vbs"
- [<HKCU>\Software\Valve\Steam]
- %TEMP%\svchost.exe
- %HOMEPATH%\Recent\bvf.lnk
- %HOMEPATH%\Recent\bf32d3b0.lnk
- %TEMP%\aut1.tmp
- %TEMP%\rose.vbs
- <Текущая директория>\bvf.png
- %TEMP%\svchost.exe
- %TEMP%\rose.vbs
- %TEMP%\aut1.tmp
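- 'xm##l.net':80
- 'ji##min.com':80
  (Символами «##» в источнике, по-видимому, замаскирована часть доменного имени; здесь и ниже адреса приведены в том виде, в каком они опубликованы.)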
- xm##l.net/theplayer/checker.exe
- ji##min.com/-images/jiggmin-logo.png
- DNS ASK xm##l.net
- DNS ASK ji##min.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''