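Техническая информация (заголовки подразделов в тексте отсутствуют; строки ниже относятся к автозапуску, службе, запускаемым командам, файлам, сетевому адресу и окнам)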
- %HOMEPATH%\Start Menu\Programs\Startup\DCZ4AIS.pif
- [<HKLM>\SYSTEM\ControlSet001\Services\PB8T1C6PTXT] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- C:\RISEVYVHRF0.EXE WOVMHWQYENE
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Display Inline Videos" /t REG_SZ /d no /F
- <SYSTEM32>\regsvr32.exe /u /s scrrun.dll
- <SYSTEM32>\regsvr32.exe /u /s msvidctl.dll
- <SYSTEM32>\regsvr32.exe /s jscript.dll
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v Play_Animations /t REG_SZ /d no /F
- <SYSTEM32>\cmd.exe /c C:\O1WT4F1O.BAT
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\wovmhwqyene.dll"
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v DisableScriptDebuggerIE /t REG_SZ /d yes /F
- <SYSTEM32>\regsvr32.exe /u /s itss.dll
- %PROGRAM_FILES%\NLMHNFJJ9\U93LE2UDJ.exe
- %PROGRAM_FILES%\NLMHNFJJ9\11QRJABXA.exe
- C:\O1WT4F1O.BAT
- C:\RISEVYVHRF0.EXE
- %WINDIR%\WOVMHWQYENE.txt
- %WINDIR%\wovmhwqyene.dll
- %PROGRAM_FILES%\NLMHNFJJ9\11QRJABXA.exe
- %PROGRAM_FILES%\NLMHNFJJ9\U93LE2UDJ.exe
- <Полный путь к вирусу>
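- '22#.73.10.1':443 (символ «#» в первом октете не является цифрой — адрес, по-видимому, приведён в замаскированном виде и не годится как индикатор без уточнения)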
- ClassName: 'WOVMHWQYENE' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WOVMHWQYENE' WindowName: 'odwisfif'