Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinUpdate' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlive' = '%WINDIR%\3nvy\alg.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Live Messenger' = '%WINDIR%\3nvy\wmiprvse.exe'
- '%WINDIR%\3nvy\alg.exe'
- '%WINDIR%\3nvy\wmiprvse.exe'
- '%WINDIR%\3nvy\SCP.exe'
- '<SYSTEM32>\regsvr32.exe' /u -s "c:\arquivos de programas\scpad\scpsssh2.dll"
- '<SYSTEM32>\regsvr32.exe' /u -s "c:\arquivos de programas\scpad\sshib.dll"
- '<SYSTEM32>\regsvr32.exe' /u -s "c:\arquivos de programas\scpad\scpLIB.dll"
- '<SYSTEM32>\regsvr32.exe' /u -s "c:\arquivos de programas\scpad\scpMIB.dll"
- %WINDIR%\3nvy\wmiprvse.exe
- %WINDIR%\3nvy\scpLIB.dll
- %WINDIR%\3nvy\alg.exe
- %WINDIR%\3nvy\scpMIB.dll
- %WINDIR%\3nvy\scpsssh2.dll
- %WINDIR%\3nvy\SCP.exe
- %WINDIR%\3nvy\scpIBCfg.bin
- %WINDIR%\3nvy\sshib.dll
- 'fo###9032.com':80
- http://fo###9032.com/login.php
- DNS ASK fo###9032.com
- ClassName: '' WindowName: 'Certificado'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''