Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows 2' = '<SYSTEM32>\WindowsUpdat_96792.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows' = '%WINDIR%\WindowsUpdat_96792.exe'
- <SYSTEM32>\Módulo de Segurança.exe
- %WINDIR%\WindowsUpdat_96792.exe
- %ALLUSERSPROFILE%\Application Data\DYA_WHJEMWFJHEIUOQDFK\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFRWGTV105L8YNFXWHKH9XVP6HNPFSVF7JB4VP4GF
- %APPDATA%\DYA_WHJEMWFJHEIUOQDFK\1.0.0\Data\dya.dat
- <SYSTEM32>\Módulo de Segurança.exe
- %ALLUSERSPROFILE%\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFRWGTV105L8YNFXWHKH9XVP6HNPFSVF7JB4VP4GF
- %WINDIR%\WindowsUpdat_96792.exe
- %WINDIR%\W22.zip
- %ALLUSERSPROFILE%\Application Data\DYA_WHJEMWFJHEIUOQDFK\1.0.0\Data\updates.dat
- %ALLUSERSPROFILE%\Application Data\DYA_WHJEMWFJHEIUOQDFK\1.0.0\Data\app.dat
- 'sm##.#map4all.com':25
- DNS ASK sm##.#map4all.com
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '<Имя вируса>'