Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,winupdate32.exe.exe,'
- %WINDIR%\winupdate32.exe.exe *melt* <Полный путь к вирусу>
- <SYSTEM32>\cmd.exe /c c:\insme.bat
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\mswinsck.ocx
- AVP32.EXE
- AVP.EXE
- AVSYNMGR.EXE
- fsav32.exe
- AVGCTRL.EXE
- AVGCC32.EXE
- smc.exe
- GUARD.EXE
- ZONEALARM.EXE
- zapro.exe
- AVPM.EXE
- AVPCC.EXE
- MCAGENT.EXE
- %WINDIR%\winupdate32.exe.exe
- C:\insme.bat
- %WINDIR%\monitor.log
- <SYSTEM32>\mswinsck.ocx
- %WINDIR%\0winupdate32.exe.exe
- %WINDIR%\winupdate32.exe.exe
- %TEMP%\~DFE97C.tmp
- %WINDIR%\0winupdate32.exe.exe
- 'ev####eations.net':80
- ev####eations.net http://evilcreations.net/ths/index.php?ip###########################################################################################
- DNS ASK ev####eations.net