Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002'
- C:\Del1.tmp -delself 1888 ""%TEMP%\update.exe""
- <SYSTEM32>\win32sp2.dll
- C:\Del1.tmp
- %WINDIR%\Temp\~tmp7efd5cca.old
- %TEMP%\update.exe
- %WINDIR%\Help\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ.bak
- <Current directory>\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ.liz
- <Current directory>\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ.doc
- %TEMP%\update.exe
- %WINDIR%\Help\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ.bak
- <Current directory>\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ\ЦР№ъПµНі·ВХжС§»бµЪОеЅмµЪЛДґОАнКВ»б»бТйНЁЦЄ.liz
- from <Full path to virus> to C:\RECYCLER\byeyou.tmp
- 'su#####s1.serveblog.net':443
- DNS ASK ns#.#322.net
- DNS ASK su#####s1.serveblog.net
- DNS ASK ns#.#hina.com