Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SwUpdate' = '{003541A1-3BC0-1B1C-AAF3-040114001C01}'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\alg.exe' = '%TEMP%\alg.exe:*:Enabled:Application Layer Gateway Service'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%TEMP%\alg.exe' = '%TEMP%\alg.exe:*:Enabled:Application Layer Gateway Service'
- <SYSTEM32>\netsh.exe firewall add allowedprogram program = ""%TEMP%\alg.exe"" name = "Application Layer Gateway Service" mode = ENABLE scope = ALL profile = ALL
- %WINDIR%\Explorer.EXE
- %ALLUSERSPROFILE%\Application Data\Macromedia\SwUpdate\Ui.dtd
- %ALLUSERSPROFILE%\Application Data\Macromedia\SwUpdate\Local.dtd
- %ALLUSERSPROFILE%\Application Data\Macromedia\SwUpdate\UTemp.dtd
- %TEMP%\alg.exe
- %ALLUSERSPROFILE%\Application Data\Macromedia\SwUpdate\swupdate.dll
- from <Full path to the virus> to %TEMP%\alg.exe