Техническая информация
- %WINDIR%\system\lssm.exe
- %WINDIR%\system\lssm.exe (загружен из сети Интернет)
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\MSWINSCK.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MS[1].dll
- %WINDIR%\MSWINSCK.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\web[1].dll
- %WINDIR%\system\csrs.exe (имя похоже на системный процесс csrss.exe, который штатно находится в <SYSTEM32>)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\0bgOgT[1].sl
- %WINDIR%\system\lssm.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Converter[1].dll
- %WINDIR%\Converter.dll
- %WINDIR%\ncftp.exe
- %WINDIR%\lssas.exe (имя похоже на системный процесс lsass.exe, который штатно находится в <SYSTEM32>)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\sas[1].ls
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lssas[1].ls
- %WINDIR%\wget.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ncftp[1].dll
- %WINDIR%\sas.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wget[1].dll
- %TEMP%\~DF1B96.tmp
- из <Полный путь к вирусу> в %WINDIR%\Temp\~DF7KMM.TMP
- 'cf######xawsasw.myvnc.com':80 (символы # заменяют скрытую в описании часть имени узла)
- 'localhost':1037
- cf######xawsasw.myvnc.com/inc/cm/21/res/MS.dll
- cf######xawsasw.myvnc.com/inc/cm/21/res/web.dll
- cf######xawsasw.myvnc.com/inc/cm/21/res/0bgOgT.sl
- cf######xawsasw.myvnc.com/inc/cm/21/res//Converter.dll
- cf######xawsasw.myvnc.com/inc/cm/21/res/sas.ls
- cf######xawsasw.myvnc.com/inc/cm/21/res/lssas.ls
- cf######xawsasw.myvnc.com/inc/cm/21/res/ncftp.dll
- cf######xawsasw.myvnc.com/inc/cm/21/res/wget.dll
DNS-запрос (DNS ASK): cf######xawsasw.myvnc.com