Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Themes.vbs
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- <SYSTEM32>\net1.exe
- <SYSTEM32>\taskkill.exe /f /im wscript.exe
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\BITS /v Start /t REG_DWORD /d 02 /f
- %WINDIR%\regedit.exe /s "%TEMP%\\120531_res.reg"
- %WINDIR%\regedit.exe /s "%TEMP%\\128390_res.reg"
- %WINDIR%\regedit.exe /s "%TEMP%\\132203_res.reg"
- <SYSTEM32>\cmd.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes.dat
- %TEMP%\132203_res.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\DelThemes.reg
- <SYSTEM32>\syscchn.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Theme.vbs
- %TEMP%\wi118781nd.temp
- %TEMP%\MyInformations.ini
- %TEMP%\120531_res.tmp
- %TEMP%\128390_res.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes.reg
- %TEMP%\MyInformations.ini
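- Файл вредоносной программы: из <Полный путь к вирусу> в %TEMP%\systemp.tmp (перемещение или копирование — заголовок раздела в этом фрагменте не сохранился)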
- Сетевой адрес (узел:порт): 'ls####90.3322.org':5010
- DNS ASK ls####90.3322.org
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''