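Техническая информация
Ниже перечислены индикаторы образца: изменения в реестре, запускаемая команда, файлы, сетевые обращения и окно. Символы # в имени узла и в параметре запроса, по-видимому, скрывают часть значения.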
- Автозапуск (ключ Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OociqOJaSzrQdtJ5' = '%WINDIR%\updates.exe -lds'
- Запись в списке разрешённых приложений брандмауэра Windows (AuthorizedApplications): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:Win32load'
- <SYSTEM32>\cmd.exe /c """%TEMP%\Pmm515gz3S7Sc8E.bat"" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\hide[1].dll
- %TEMP%\fa52.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\doit[1].php
- %TEMP%\Pmm515gz3S7Sc8E.bat
- %WINDIR%\updates.exe -lds
- 'de###soul.cn':80
- de###soul.cn/elt/doit.php?v=#####################################
- de###soul.cn/elt/hide.dll
- DNS ASK de###soul.cn
- ClassName: 'Indicator' WindowName: ''