Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SharedAPPs' = '%WINDIR%\system\<Имя вируса>.exe'
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\del.bat""
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\GbPluggin\gbiehdst.dll"
- %WINDIR%\regedit.exe /s %WINDIR%\sharedapp.reg
- %PROGRAM_FILES%\GbPluggin\gbplib.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gbplib[1].js
- %PROGRAM_FILES%\GbPluggin\gbppdist.dll
- <Текущая директория>\del.bat
- %PROGRAM_FILES%\GbPluggin\gbppsv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\gbppsv[1].js
- %WINDIR%\system\<Имя вируса>.exe
- %WINDIR%\sharedapp.reg
- %PROGRAM_FILES%\GbPluggin\svchost
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gbppdist[1].js
- %PROGRAM_FILES%\GbPluggin\gbiehdst.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gbiehdst[1].js
- %WINDIR%\system\<Имя вируса>.exe
- %WINDIR%\sharedapp.reg
- Сетевой адрес (узел:порт): 'be######llday.fileave.com':80
- Сетевой адрес (узел:порт): 'localhost':1036
- be######llday.fileave.com/gbplib.js
- be######llday.fileave.com/gbppsv.js
- be######llday.fileave.com/gbiehdst.js
- be######llday.fileave.com/gbppdist.js
- DNS-запрос (DNS ASK): be######llday.fileave.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'wPrimeira' WindowName: ''