Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CVC' = '<SYSTEM32>\cvcini.exe'
- 'C:\helpupda.exe'
- 'C:\helpupda.exe' (загружен из сети Интернет)
- '<SYSTEM32>\attrib.exe' -h -a -r C:\circuln.doc
- '<SYSTEM32>\cmd.exe' /c ""C:\confiDel.bat""
- '<SYSTEM32>\taskkill.exe' /IM "gbpsv.exe" /F
- '<SYSTEM32>\attrib.exe' -h -a -r <SYSTEM32>\jiraia
- '<SYSTEM32>\cmd.exe' /c ""C:\updateGiz.bat""
- '<SYSTEM32>\cmd.exe' /c ""C:\ccleanall.bat""
- '<SYSTEM32>\attrib.exe' -h -a -r <SYSTEM32>\calc.dat
- C:\ccleanall.txt
- <SYSTEM32>\cvcini.exe
- C:\confiDel.txt
- %APPDATA%\channelando.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tiri[1].gif
- C:\helpupda.gif
- C:\updateGiz.txt
- <Полный путь к вирусу>
- <SYSTEM32>\cvcini.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tiri[1].gif
- C:\ccleanall.bat
- C:\updateGiz.bat
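- C:\ccleanall.txt в C:\ccleanall.bat (переименование; полученный .bat-файл запускается через cmd.exe /c, см. выше)
- C:\confiDel.txt в C:\confiDel.bat (переименование; полученный .bat-файл запускается через cmd.exe /c, см. выше)
- C:\updateGiz.txt в C:\updateGiz.bat (переименование; полученный .bat-файл запускается через cmd.exe /c, см. выше)
- C:\helpupda.gif в C:\helpupda.exe (переименование; файл, сохранённый с расширением .gif, получает расширение .exe и запускается, см. выше)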
- 'localhost':1040
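- 'lo#####amd.dnsdojo.org':80 (символы «#» здесь и далее — часть адреса, скрытая автором описания; для точного сопоставления такие значения непригодны)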
- 'pa###.gidowns.net':80
- '69.##2.111.29':80
- lo#####amd.dnsdojo.org/tiri.gif
- 69.##2.111.29/update.ini
- pa###.gidowns.net/data/touch.php
- DNS ASK lo#####amd.dnsdojo.org
- DNS ASK pa###.gidowns.net
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'