Техническая информация
Изменения в реестре (автозапуск через ключ Run и параметр запуска службы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysdriver32_.exe' = '"%WINDIR%\sysdriver32_.exe" rezerv'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysdriver32.exe' = '"%WINDIR%\sysdriver32.exe" rezerv'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '"<Полный путь к вирусу>"'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvsysdriver32] 'Start' = '00000002'
Командные строки процессов:
- %WINDIR%\sysdriver32.exe rezerv srv
- <SYSTEM32>\sc.exe delete "srvsysdriver322"
- <SYSTEM32>\net1.exe stop "srvsysdriver322"
- <SYSTEM32>\sc.exe create "srvsysdriver32" binpath= "%WINDIR%\sysdriver32.exe srv" start= "auto"
- <SYSTEM32>\taskkill.exe /F /IM "sysdriver32_.exe"
- <SYSTEM32>\net1.exe start "srvsysdriver32"
- <SYSTEM32>\net.exe stop "srvsysdriver32"
- <SYSTEM32>\taskkill.exe /F /IM (имя завершаемого процесса в записи отсутствует)
- <SYSTEM32>\net1.exe stop "srvsysdriver32"
- <SYSTEM32>\net.exe stop "srvsysdriver322"
- <SYSTEM32>\sc.exe delete "srvsysdriver32"
Пути к файлам в каталоге %WINDIR%:
- %WINDIR%\sysdriver32_.exe
- %WINDIR%\sysdriver32.exe
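Сетевые адреса и порты (часть цифр в адресах заменена символом «#», поэтому использовать их как точные индикаторы нельзя):
- '92.##9.117.244':8080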
- '79.##5.2.186':8080
- '89.##4.96.30':8080
- '46.##8.183.30':8080
- '18#.#29.218.90':8080
- '21#.#08.41.251':8080
- '31.##3.73.92':8080
- '46.#9.10.86':8080
- '89.##8.196.22':8080
- '18#.#29.179.86':8080
- '93.##8.134.3':80
- '10#.#27.70.21':8080
- '77.##.21.117':8080
- '46.##8.69.67':8080
- '46.##1.233.161':8080
- '46.##6.64.142':8080
- DNS ASK ya.ru
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''