Техническая информация
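Следующие две записи — параметры автозапуска в реестре: значение в Run обрабатывается при каждом входе пользователя в систему, значение в RunOnce — однократно:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rwmsys32.exe' = '<SYSTEM32>\rwmsys32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Cleanup' = 'C:\cleanup.exe'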
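Следующие две записи — параметры службы irrp в реестре: ImagePath указывает на драйвер cdzzlva.sys, а Start = 0 соответствует типу запуска «boot» (драйвер загружается на раннем этапе старта системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\irrp] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\irrp] 'ImagePath' = 'system32\drivers\cdzzlva.sys'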
- 'C:\kill.exe' /nogui c:\kill.txt
- '<SYSTEM32>\cmd.exe' /c "c:\kill.exe /nogui c:\kill.txt"
- C:\cleanup.bat
- C:\zip.exe
- <SYSTEM32>\rwmsys32.exe
- C:\cleanup.exe
- C:\kill.txt
- C:\kill.exe
- <DRIVERS>\cdzzlva.sys
- %ProgramFiles%\wvshg.txt
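Следующие две записи — сетевые индикаторы: узел с портом 25 (стандартный порт SMTP) и DNS-запрос того же имени; часть символов в имени узла, по-видимому, скрыта знаками «#»:
- 'sm##.#erra.com.br':25
- DNS ASK sm##.#erra.com.br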
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'