Техническая информация
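Закрепление в системе (автозапуск через значение в разделе реестра Run и регистрация службы, у которой ImagePath указывает на файл драйвера .sys):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'w32berblol' = '%WINDIR%\w32berb\lol\w32berblol.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\w32berb85962571] 'ImagePath' = '%WINDIR%\w32berb\all\85962571.sys'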
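Запускаемые командные строки (пакетные файлы через cmd.exe, принудительное завершение процессов через taskkill /f, установка атрибутов «системный» и «скрытый» через attrib +s +h):
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\wzkjnkkqwzuorrwmupwt.bat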
- '%WINDIR%\w32berb\lol\w32berblol.exe'
- '%WINDIR%\w32berb\all\Syseidmmk.exe'
- '<SYSTEM32>\taskkill.exe' /f /im LolClient.exe
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\jtwyodkxkiunegsjiwlg.bat
- '<SYSTEM32>\taskkill.exe' /f /im <Имя вируса>.exe
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berb\lol\deleteme.bat
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\hczxyhnplordtiivxwfk.bat
- '<SYSTEM32>\attrib.exe' +s +h "%WINDIR%\w32berb"
- '<SYSTEM32>\attrib.exe' +s +h "%WINDIR%\w32berbtmp"
- '<SYSTEM32>\taskkill.exe' /f /im w32berblol.exe
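Пути к файлам, связанным с образцом (вид операции — создание, удаление или изменение атрибутов — на странице не сохранился; запись 85962571.sys встречается дважды):
- %WINDIR%\w32berb\all\Syseidmmk.exe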
- %WINDIR%\w32berb\lol\1.jpg
- %WINDIR%\w32berbtmp\jtwyodkxkiunegsjiwlg.bat
- %WINDIR%\w32berb\all\85962571.sys
- %WINDIR%\w32berb\lol\deleteme.bat
- %WINDIR%\w32berbtmp\hczxyhnplordtiivxwfk.bat
- %WINDIR%\w32berbtmp\wzkjnkkqwzuorrwmupwt.bat
- %WINDIR%\w32berb\lol\w32berblol.exe
- %WINDIR%\w32berb\all\85962571.sys
Окна (имя класса и заголовок), указанные в отчёте:
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''