Техническая информация
- Запись автозапуска в реестре (ключ Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmona' = '<SYSTEM32>\ctfmona.exe'
- %TEMP%\.tt2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\9ff90552-14b6-4bac-b1cb-b5b040854910[1].fail
- %TEMP%\.tt3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\9ff90552-14b6-4bac-b1cb-b5b040854910[1].md5
- <SYSTEM32>\hcbipobed.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\9ff90552-14b6-4bac-b1cb-b5b040854910[1].exe
- %TEMP%\.tt1.tmp
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- Файл из <Полный путь к вирусу> оказывается в <SYSTEM32>\ctfmona.exe — по тому же пути, что указан в значении ключа Run выше
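- Адрес и порт: '20#.#61.200.42':80 (символы # присутствуют в исходной записи; по-видимому, адрес намеренно замаскирован)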
- 20#.#61.200.42/notifier/160/9ff90552-14b6-4bac-b1cb-b5b040854910.fail
- 20#.#61.200.42/notifier/160/9ff90552-14b6-4bac-b1cb-b5b040854910.md5
- 20#.#61.200.42/notifier/160/9ff90552-14b6-4bac-b1cb-b5b040854910.exe
- ClassName: 'SysListView32' WindowName: ''