Техническая информация
- скрытых файлов
- Редактора реестра (RegEdit)
- '<SYSTEM32>\shutdown.exe' -a
- '<SYSTEM32>\net1.exe' start dcomlaunch
- '<SYSTEM32>\svchost.exe' -k DcomLaunch
- '<SYSTEM32>\net1.exe' start termservice
- '<SYSTEM32>\attrib.exe' +H +S +R <SYSTEM32>\termsrvs.dll
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\ntsd.exe' -c q -p 852
- '<SYSTEM32>\tasklist.exe' /SVC
- <SYSTEM32>\svchost.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = 'FFFFFFFF'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- <SYSTEM32>\Termsrvs.dll
- <Текущая директория>\PIDSVC
- <SYSTEM32>\Termsrvs.dll
- <Полный путь к вирусу>
- <Текущая директория>\PIDSVC
- 'sm##.qq.com':25
- 'www.cz##.net':80
- www.cz##.net/ip/viewip468.aspx
- DNS ASK sm##.qq.com
- DNS ASK www.cz##.net