Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\2089594176] 'Name' = '"%TEMP%\srvAE0.tmp"'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvAE0] 'Start' = '00000002'
- <SYSTEM32>\spoolsv.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NNU8WKXK\X[1]
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SF0Z72ME\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HM80NSAT\desktop.ini
- <SYSTEM32>\a.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NNU8WKXK\wpad[1].dat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[2].dat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- %WINDIR%\Temp\2.tmp
- %TEMP%\srvAE0.ini
- %TEMP%\srvAE0.tmp
- %WINDIR%\Temp\3.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S92NC5AN\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NNU8WKXK\desktop.ini
- %WINDIR%\Temp\4.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HM80NSAT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SF0Z72ME\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S92NC5AN\desktop.ini
- %TEMP%\srvAE0.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NNU8WKXK\desktop.ini
- from <Full path to the virus> to %TEMP%\1.tmp
- '<IP address in the local network>':80
- 'localhost':1308
- 'wpad.localdomain':80
- '86.##.210.75':80
- '<IP address in the local network>':445
- '<IP address in the local network>':139
- '86.##.210.72':80
- 86.##.210.72//srv
- wpad.localdomain/wpad.dat
- 86.##.210.75/service/scripts/files/aff_50120.dll
- 86.##.210.72/X
- 86.##.210.72/service/listener.php?af#########
- DNS ASK wpad.localdomain