Техническая информация
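Записи реестра ниже относятся к двум службам Windows; 'Start' = '00000002' означает автоматический запуск службы при загрузке системы, поэтому файлы, указанные в 'ImagePath', будут запускаться после каждой перезагрузки:
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_states] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_states] 'ImagePath' = '<SYSTEM32>\wwmiwy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\DSLserverorm] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\DSLserverorm] 'ImagePath' = '<SYSTEM32>\fsldsw.exe'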
- '<SYSTEM32>\wwmiwy.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\up.bat
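- '<SYSTEM32>\taskkill.exe' /f /t /im <Имя вируса>.exe (<Имя вируса> — подстановка на месте имени файла образца; ключи /f /t /im означают принудительное завершение процесса с этим именем образа вместе с дочерними процессами)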
- '%TEMP%\vip.exe'
- '<SYSTEM32>\fsldsw.exe'
- '%TEMP%\100.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\wwmiwy.exe
- %TEMP%\up.bat
- <SYSTEM32>\fsldsw.exe
- %TEMP%\vip.exe
- %TEMP%\100.exe
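- %TEMP%\100.exe в %TEMP%\SOFTWARE.LOG (исполняемый файл оказывается под именем с расширением .LOG, поэтому поиск только по расширению .exe его не найдёт)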
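В именах узлов ниже символ '#' недопустим для DNS и, по-видимому, заменяет знаки, скрытые при публикации, поэтому эти записи годятся для сопоставления по шаблону, а не как точные индикаторы; исходящие соединения на порты 1001 и 1002 стоит проверять в журналах отдельно:
- 'ap#.#oho1z.com':80
- 'ge###.api520.com':1001
- 'cc.##i520.com':1002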
- http://ap#.#oho1z.com/baohe/wb/update.txt
- DNS ASK ap#.#oho1z.com
- DNS ASK ge###.api520.com
- DNS ASK cc.##i520.com
- ClassName: '' WindowName: ''