Техническая информация
Значения автозапуска в реестре (ключ Run в HKLM, то есть запуск при входе любого пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMSERIALSTARTER' = '"%WINDIR%\win32st.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMSERIALWORKERSTARTER' = '"%WINDIR%\winstrse.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMSERIALWORKSTARTER' = '"%WINDIR%\comsysobj.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMSERIALWORKERSTART' = '"%WINDIR%\shellexcon.exe"'
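Процессы и командные строки (по-видимому, запускаемые на исполнение). Имена notepad.exe и calc.exe совпадают с именами системных утилит, но файлы расположены в %TEMP%, поэтому при поиске следует сверять полный путь, а не только имя файла:
- %TEMP%\notepad.exe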
- %WINDIR%\winstrse.exe
- %TEMP%\calc.exe
- %TEMP%\nsk2.tmp\ns3.tmp %TEMP%\calc.exe
- %WINDIR%\win32st.exe
- %WINDIR%\comsysobj.exe
- %TEMP%\spacecodec4226.exe
- %WINDIR%\shellexcon.exe
- %WINDIR%\hllibex.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\1.bat" <Полный путь к вирусу> %TEMP%\SPACEC~1.EXE <Полный путь к вирусу>"
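Пути файлов в файловой системе (по-видимому, создаваемые или изменяемые файлы; список частично повторяет пути из предыдущих групп):
- %TEMP%\calc.exe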
- %WINDIR%\winstrse.exe
- %WINDIR%\win32st.exe
- %TEMP%\nsk2.tmp\DcryptDll.dll
- %TEMP%\notepad.exe
- %WINDIR%\wmstrbum.exe
- %TEMP%\nsk2.tmp\ns3.tmp
- <SYSTEM32>\kdptd.exe
- %TEMP%\nsk2.tmp\nsExec.dll
- <Текущая директория>\1.bat
- %TEMP%\freebsd.exe
- %TEMP%\linux
- %WINDIR%\comsysobj.exe
- %WINDIR%\config.ini
- %WINDIR%\tromomwin32.exe
- %TEMP%\spacecodec4226.exe
- %WINDIR%\sysobjwertb.dll
- %WINDIR%\cracrwinz.exe
- %WINDIR%\shellexcon.exe
- %TEMP%\freebsd.exe.dat
- %TEMP%\calc.exe.dat
- %WINDIR%\hllibex.exe
- %TEMP%\notepad.exe.dat