Техническая информация
Запись в реестре, обеспечивающая автозапуск при старте системы:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RyHDCpl' = '%PROGRAM_FILES%\SATASERY\<Имя вируса>.exe'
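Системные процессы, затрагиваемые угрозой (подзаголовок раздела утрачен; судя по формату отчёта, вероятно, в них внедряется код):
- <SYSTEM32>\ctfmon.exe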
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\lsass.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchost.exe
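Файлы в каталоге %PROGRAM_FILES%\SATASERY, связанные с угрозой (подзаголовок раздела утрачен; числовой префикс в именах вида <число>_SATASERY.tmp в списке различается, поэтому при поиске следов стоит ориентироваться на шаблон имени и сам каталог, а не на конкретные значения):
- %PROGRAM_FILES%\SATASERY\1776_SATASERY.tmp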
- %PROGRAM_FILES%\SATASERY\1032_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1668_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1424_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1544_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2424_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2752_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2792_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2736_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2488_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\2504_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1336_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\sery.log
- %PROGRAM_FILES%\SATASERY\604_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\<Имя вируса>.exe
- %PROGRAM_FILES%\SATASERY\sery.conf
- %PROGRAM_FILES%\SATASERY\bu-bu.exe
- %PROGRAM_FILES%\SATASERY\656_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1144_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\1216_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\968_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\668_SATASERY.tmp
- %PROGRAM_FILES%\SATASERY\836_SATASERY.tmp