Техническая информация
Автозапуск (запись в ключе реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SharedAPPs' = '%WINDIR%\system\<Имя вируса>.exe'
Командные строки запускаемых процессов (ключ /s у regsvr32 и regedit подавляет диалоговые окна):
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\del.bat""
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\GbPluggin\gbiehdst.dll"
- %WINDIR%\regedit.exe /s %WINDIR%\sharedapp.reg
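Файлы, затрагиваемые в файловой системе (пути %WINDIR%\system\<Имя вируса>.exe и %WINDIR%\sharedapp.reg встречаются в списке дважды; вероятно, второе вхождение относилось к отдельному подсписку, заголовок которого утрачен):
- %PROGRAM_FILES%\GbPluggin\gbplib.dll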
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\gbplib[1].js
- %PROGRAM_FILES%\GbPluggin\gbppdist.dll
- <Текущая директория>\del.bat
- %PROGRAM_FILES%\GbPluggin\gbppsv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\gbppsv[1].js
- %WINDIR%\system\<Имя вируса>.exe
- %WINDIR%\sharedapp.reg
- %PROGRAM_FILES%\GbPluggin\svchost (файл без расширения в каталоге GbPluggin; это не системный <SYSTEM32>\svchost.exe)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\gbppdist[1].js
- %PROGRAM_FILES%\GbPluggin\gbiehdst.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\gbiehdst[1].js
- %WINDIR%\system\<Имя вируса>.exe
- %WINDIR%\sharedapp.reg
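Сетевые соединения (хост:порт; символы ## в имени хоста, по-видимому, являются маской источника, а не частью имени):
- 'www.gb##.kit.net':80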
- 'localhost':1037
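Запрашиваемые URL (базовые имена совпадают с файлами gbplib.dll, gbppsv.exe, gbiehdst.dll и gbppdist.dll в %PROGRAM_FILES%\GbPluggin и с копиями *[1].js в Temporary Internet Files):
- www.gb##.kit.net/gbplib.js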
- www.gb##.kit.net/gbppsv.js
- www.gb##.kit.net/gbiehdst.js
- www.gb##.kit.net/gbppdist.js
DNS-запросы:
- DNS ASK www.gb##.kit.net
Окна (по имени класса):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'wPrimeira' WindowName: ''