Техническая информация
- %WINDIR%\Tasks\SA.DAT
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы планировщика заданий)
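- %WINDIR%\svchost.exe <Полный путь к вирусу> (файл svchost.exe непосредственно в %WINDIR% — не системный: штатный svchost.exe находится в <SYSTEM32>, имя используется для маскировки)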
- <SYSTEM32>\at.exe 0:00 /interactive /every:M,T,W,Th,F,S,Su %WINDIR%\svchost.exe
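- <SYSTEM32>\at.exe 1:00 /interactive /every:M,T,W,Th,F,S,Su %WINDIR%\svchost.exe
  (обе задачи at.exe назначены на каждый день недели — в 0:00 и в 1:00 — и запускают %WINDIR%\svchost.exe в интерактивном режиме)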
- <SYSTEM32>\net1.exe start schedule
- <SYSTEM32>\cmd.exe /c %WINDIR%\SystemDir.bat
- <SYSTEM32>\sc.exe config Schedule start= AUTO
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Super[1].asp
- %WINDIR%\SystemDir.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Super[1].asp
- %WINDIR%\CurNet\deskreg.ini
- %WINDIR%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Super[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Super[1].asp
- 'localhost':1037
- 'ja######.1.xjp.77169.net':80
- 'localhost':1035
- 'bo##.qyqqt.com':80
- ja######.1.xjp.77169.net/Super.asp
- bo##.qyqqt.com/Super.asp
- DNS ASK ja######.1.xjp.77169.net
- DNS ASK bo##.qyqqt.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''