Техническая информация
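- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '1qwqwqe-r213' = '%APPDATA%\fdcvgro.exe' (значение RunOnce выполняется при следующем входе пользователя в систему и затем удаляется системой, поэтому при последующей проверке записи в реестре может уже не быть)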
- '%APPDATA%\fdcvgro.exe'
- '<SYSTEM32>\cmd.exe' /c DEL <Полный путь к вирусу> (удаление исходного файла через командный интерпретатор)
- <SYSTEM32>\cmd.exe
- ecmd.exe
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.png
- <Текущая директория>\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.html
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.html
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.txt
- %HOMEPATH%\My Documents\recover_file_bfhmlodlr.txt
- %APPDATA%\fdcvgro.exe
- <Текущая директория>\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.txt
- <Текущая директория>\_H_e_l_p_RECOVER_INSTRUCTIONS+heo.png
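- 'pa###ift.com':80 (здесь и далее символами # скрыта часть имени домена, поэтому приведённые имена не подходят для поиска по точному совпадению)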
- 'ac#####ourisrael.com':80
- 'la###sdehaan.be':80
- 'ch####ricoop.net':80
- http://pa###ift.com/templates/sj_icenter/html/mod_k2_content/Default/mzsys.php
- http://ac#####ourisrael.com/modules/mod_speedup/mzsys.php
- http://la###sdehaan.be/modules/mod_cmscore/mzsys.php
- http://ch####ricoop.net/tmp/mzsys.php
- DNS ASK ac#####ourisrael.com
- DNS ASK hn#.net
- DNS ASK pa###ift.com
- DNS ASK la###sdehaan.be
- DNS ASK ch####ricoop.net