Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SYSTEM\ControlSet002\Services\zwvwdu] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet003\Services\zwvwdu] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SVKP] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\zwvwdu] 'Start' = '00000002'
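- '%TEMP%\IXP000.TMP\ёґјю1~1.EXE' (имя файла, по-видимому, искажено перекодировкой: байты B8 B4 BC FE в Windows-1251 отображаются как «ёґјю», а в GBK — как «复件»; на системах с другой кодовой страницей то же имя может выглядеть иначе, поэтому при поиске надёжнее опираться на каталог %TEMP%\IXP000.TMP\ и шаблон *1~1.EXE)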
- '<SYSTEM32>\svchost.exe' -k zwvwdu
- <SYSTEM32>\0004ade5.ini
- <SYSTEM32>\yvslup.dll
- <SYSTEM32>\SVKP.sys
- %TEMP%\IXP000.TMP\ёґјю1~1.EXE
- %TEMP%\IXP000.TMP\ёґјю1~1.EXE
- '16#.#54.185.216':80
- 16#.#54.185.216/20130410/171842/192281.jsp
- 16#.#54.185.216/20130410/171855/205546.jsp
- 16#.#54.185.216/20130410/171909/219343.jsp
- 16#.#54.185.216/20130410/171828/178625.jsp
- 16#.#54.185.216/20130410/171747/136953.jsp
- 16#.#54.185.216/20130410/171801/151093.jsp
- 16#.#54.185.216/20130410/171815/164812.jsp