Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\AppPatch\bknjhsg.dat,'
- <SYSTEM32>\route.exe -p add 128.130.60.0 mask 255.255.255.0 192.168.193.1
- <SYSTEM32>\route.exe -p add 139.91.222.0 mask 255.255.255.0 192.168.193.1
- <SYSTEM32>\route.exe -p add 141.202.248.0 mask 255.255.255.0 192.168.193.1
- <SYSTEM32>\netsh.exe firewall set allowedprogram \??\<SYSTEM32>\winlogon.exe ENABLE
- <SYSTEM32>\route.exe -p add 128.111.48.0 mask 255.255.255.0 192.168.193.1
- <SYSTEM32>\route.exe -p add 128.130.56.0 mask 255.255.255.0 192.168.193.1
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- opera.exe
- iexplore.exe
- firefox.exe
- ClassName: 'AVP.MainWindow' WindowName: ''
- %WINDIR%\AppPatch\bknjhsg.dat
- из <Полный путь к вирусу> в %TEMP%\1.tmp
- DNS ASK pd##red.com
- ClassName: '' WindowName: 'Kaspersky Virus Removal Tool 2010'
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: 'OSAM: Autorun Manager' WindowName: '#32770'
- ClassName: 'Malwarebytes' WindowName: 'ThunderRT6FormDC'
- ClassName: '____AVP.Root' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'random'
- ClassName: '' WindowName: 'Антивирусная утилита AVZ'