Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MsCpl' = '"%TEMP%\msbuild\mscpl.exe"'
- "%TEMP%\msbuild\msbuild.exe" (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\TeamViewer_Resource_en[1].dll
- %TEMP%\msbuild\TV_en.dll
- %TEMP%\msbuild\mscpl.exe
- %TEMP%\msbuild\TeamViewer_Resource_en.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\TV_en[1].dll
- %TEMP%\msbuild\msbuild.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\msbuild[1].exe
- %TEMP%\msbuild\TV.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\TV[1].dll
- из <Полный путь к вирусу> в <Текущая директория>\err.log
- 'sv##to.net':80
- sv##to.net/engine/tv/TV_en.dll
- sv##to.net/engine/tv/TeamViewer_Resource_en.dll
- sv##to.net/engine/tv/msbuild.exe
- sv##to.net/engine/tv/TV.dll
- DNS ASK sv##to.net
- DNS ASK ad##e.com
- ClassName: 'Indicator' WindowName: ''