Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winservice' = '%WINDIR%\SCVHOST.EXE'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %WINDIR%\SCVHOST.EXE
- %ALLUSERSPROFILE%\Application Data\TEMP\RAIDTest
- %WINDIR%\SCVHOST.EXE
- '21#.#9.161.136':6667
- '21#.#9.161.136':80
- http://21#.#9.161.136/bot/socks.php?po##############
- ClassName: '' WindowName: 'AnVir Task Manager'
- ClassName: '' WindowName: 'Скрытый процесс запрашивает сетевой доступ'
- ClassName: '' WindowName: '??????? ??????? ??????????? ??????? ??????'
- ClassName: '' WindowName: '??????? ??????? ??? <File name>.exe'
- ClassName: '' WindowName: 'Оповещение системы безопасности Windows'
- ClassName: '' WindowName: '?????????? ??????? ???????????? Windows'
- ClassName: '' WindowName: 'Создать правило для <File name>.exe'
- ClassName: '' WindowName: 'Windows Security Alert'
- ClassName: '' WindowName: 'Hidden Process Requests Network Access'
- ClassName: '' WindowName: 'Warning: Components Have Changed'
- ClassName: '' WindowName: 'Create rule for <File name>.exe'
- ClassName: '' WindowName: 'Внимание: некоторые компоненты изменились'
- ClassName: '' WindowName: '????????: ????????? ?????????? ??????????'
- ClassName: '' WindowName: 'PermissionDlg'