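Техническая информация
Ниже перечислены артефакты образца: запись автозапуска в реестре, командные строки процессов, путь к файлу, сетевые обращения и классы окон. Подзаголовки разделов в этом тексте, по-видимому, утрачены, поэтому роль каждой группы строк следует уточнять по исходному описанию. Часть символов в имени домена скрыта знаками «#».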
- Автозапуск при входе пользователя в систему: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinDiagnosis.exe' = '%APPDATA%\WinDiagnosis\WinDiagnosis.exe'
- '%APPDATA%\WinDiagnosis\WinDiagnosis.exe' _d "_1" <Полный путь к вирусу>
- '%WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe'
- '<SYSTEM32>\svchost.exe' -k HTTPFilter
- '<SYSTEM32>\svchost.exe' -k NetworkService
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\dllhost.exe' /Processid:{D7BA884D-10F4-4D2C-AC14-F944AE1B33CB}
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\svchost.exe' -k rpcss
- '<SYSTEM32>\svchost.exe' -k LocalService
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %1
- '<SYSTEM32>\notepad.exe' %1
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\dmadmin.exe' /com
- '<SYSTEM32>\svchost.exe' -k DcomLaunch
- '<SYSTEM32>\dllhost.exe' /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- %APPDATA%\WinDiagnosis\WinDiagnosis.exe
- 'ha####eatmentz.net':80
- ha####eatmentz.net/soap.php
- DNS ASK ha####eatmentz.net
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'