Техническая информация
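- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windows_security' = '%WINDIR%\svchosts.exe' (автозапуск при входе пользователя в систему; имя файла похоже на системный svchost.exe, который штатно находится в <SYSTEM32>, а не в %WINDIR%)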
- C:\ok.exe
- C:\ok.exe (загружен из сети Интернет)
- <SYSTEM32>\net1.exe stop /y "avast! iAVS4 Control Service"
- <SYSTEM32>\net.exe stop /y "avast! iAVS4 Control Service"
- <SYSTEM32>\net1.exe stop /y "avast! Antivirus"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\selfdel0.bat" "
- <SYSTEM32>\cscript.exe %WINDIR%\start.vbs
- <SYSTEM32>\cscript.exe %WINDIR%\1.vbs
- <SYSTEM32>\taskkill.exe /f /im AYServiceNT.aye
- <SYSTEM32>\taskkill.exe /f /im AYAgent.aye
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\batfile.bat" "
- <SYSTEM32>\net.exe stop /y "avast! Antivirus"
- <SYSTEM32>\net1.exe stop ALYac_PZSrv
- <SYSTEM32>\net.exe stop ALYac_PZSrv
- C:\ok.exe
- %WINDIR%\start.vbs
- %TEMP%\selfdel0.bat
- %TEMP%\1.tmp\batfile.bat
- %WINDIR%\1.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ok[1].exe (имя подкаталога внутри Content.IE5 генерируется случайно и на других системах будет другим)
- %TEMP%\1.tmp\batfile.bat
- %WINDIR%\start.vbs
- %WINDIR%\1.vbs
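- 'ko####1234.vicp.net':80 (символы #### — по-видимому, маскировка части имени хоста в отчёте, поэтому строка не является буквальным индикатором; то же относится к остальным вхождениям этого имени в списке)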
- 'localhost':1035
- ko####1234.vicp.net/ok.exe
- DNS ASK ko####1234.vicp.net
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''