Техническая информация
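Изменение реестра — команда открытия файлов с расширением .ghi назначена на запуск rundll32.exe с файлом xec.cc:
- [<HKLM>\SOFTWARE\Classes\.ghi\shell\open\command] '' = 'rundll32.exe "%PROGRAM_FILES%\wisesoft\xec.cc" xxx '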
Командные строки процессов (rundll32.exe получает файлы с расширениями .nn и .ii, а не только .dll; regedit.exe с ключом -s импортирует файл без запроса подтверждения):
- %TEMP%\is-USTO5.tmp\is-BSRV1.tmp /SL4 $40032 "<Полный путь к вирусу>" 94029 52224
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\gen.nn" ggg
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\qtc.dll" unknown
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\idi.ii" gis
- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\wisesoft\xec.err"
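Пути к файлам (на странице не указано, какие из них создаются, а какие удаляются; имена вида is-*.tmp, каталог _isetup и unins000.dat типичны для установщика Inno Setup и сами по себе не являются надёжными индикаторами):
- %PROGRAM_FILES%\wisesoft\is-E776I.tmp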
- %PROGRAM_FILES%\wisesoft\is-5PFQQ.tmp
- %PROGRAM_FILES%\wisesoft\is-OLL9I.tmp
- %PROGRAM_FILES%\wisesoft\is-SHG9V.tmp
- %PROGRAM_FILES%\wisesoft\is-57J91.tmp
- %PROGRAM_FILES%\wisesoft\is-T4EG6.tmp
- %PROGRAM_FILES%\wisesoft\unins000.dat
- C:\csrss.dat
- %PROGRAM_FILES%\wisesoft\is-EOKE7.tmp
- %PROGRAM_FILES%\wisesoft\is-11HCB.tmp
- %PROGRAM_FILES%\wisesoft\is-FBNFF.tmp
- %TEMP%\is-BRRS1.tmp\reg.gg
- %PROGRAM_FILES%\wisesoft\is-7A0H1.tmp
- %TEMP%\is-BRRS1.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-USTO5.tmp\is-BSRV1.tmp
- %TEMP%\is-BRRS1.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\wisesoft\is-BGGMC.tmp
- %PROGRAM_FILES%\wisesoft\is-7OTN0.tmp
- %PROGRAM_FILES%\wisesoft\is-1IA0G.tmp
- %PROGRAM_FILES%\wisesoft\is-22M6V.tmp
- %PROGRAM_FILES%\wisesoft\is-0K5UC.tmp
- %PROGRAM_FILES%\wisesoft\is-GBE8J.tmp
- %TEMP%\is-BRRS1.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-USTO5.tmp\is-BSRV1.tmp
- %TEMP%\is-BRRS1.tmp\reg.gg
- %TEMP%\is-BRRS1.tmp\_isetup\_RegDLL.tmp
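Классы окон (RegEdit_RegEdit — окно редактора реестра, Shell_TrayWnd — панель задач Windows; назначение списка на странице не указано):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''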