Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\nsdgoj] 'ImagePath' = '<DRIVERS>\nsdgoj.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\nsdgoj] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- <DRIVERS>\ipfltdrv.sys
- '<SYSTEM32>\cmd.exe' /C ping.exe 127.0.0.1 & del "<Полный путь к вирусу>"
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\sc.exe' create nsdgoj type= kernel start= auto binpath= <DRIVERS>\nsdgoj.sys
- '<SYSTEM32>\sc.exe' stop ipfilterdriver
- '<SYSTEM32>\sc.exe' start ipfilterdriver
- %WINDIR%\ime\xc8689.dll
- <SYSTEM32>\dllcache\ipfltdrv.sys.new
- %WINDIR%\Help\mtv7994
- %WINDIR%\msapps\sm1074.nfo
- %WINDIR%\ime\xd1568.dll
- <DRIVERS>\ipfltdrv.sys.new
- %TEMP%\1.tmp
- %WINDIR%\srchasst\gnz3538.lex
- <SYSTEM32>\dllcache\ipfltdrv.sys.sys
- <DRIVERS>\nsdgoj.log
- <DRIVERS>\ipfltdrv.sys.txt
- %TEMP%\1.tmp
- <DRIVERS>\ipfltdrv.sys
- из <DRIVERS>\nsdgoj.log в <DRIVERS>\nsdgoj.sys (файл перемещается под новым именем; оно совпадает с 'ImagePath' службы nsdgoj)
- DNS ASK www.ba##u.com