Техническая информация
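- [<HKLM>\SOFTWARE\Classes\.ghi\shell\open\command] '' = 'rundll32.exe "%PROGRAM_FILES%\wisesoft\xec.cc" xxx ' — значение задаёт команду открытия для расширения .ghi: через rundll32.exe загружается файл xec.cc (библиотека с нестандартным расширением) и вызывается его экспорт xxx.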
- %TEMP%\is-3SOQH.tmp\is-25DHC.tmp /SL4 $40036 "<Полный путь к вирусу>" 93972 52224
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\gen.nn" ggg
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\qtc.dll" unknown
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\wisesoft\idi.ii" gis
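- %WINDIR%\regedit.exe -s "%PROGRAM_FILES%\wisesoft\xec.err" — ключ -s означает импорт в реестр без запроса подтверждения; судя по всему, xec.err — файл с данными реестра под нестандартным расширением.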
- %PROGRAM_FILES%\wisesoft\is-B6GRH.tmp
- %PROGRAM_FILES%\wisesoft\is-EN1E4.tmp
- %PROGRAM_FILES%\wisesoft\is-E5QC2.tmp
- %PROGRAM_FILES%\wisesoft\is-SD8UL.tmp
- %PROGRAM_FILES%\wisesoft\is-F3PD1.tmp
- %PROGRAM_FILES%\wisesoft\is-LNT59.tmp
- %PROGRAM_FILES%\wisesoft\unins000.dat
- C:\csrss.dat
- %PROGRAM_FILES%\wisesoft\is-QE719.tmp
- %PROGRAM_FILES%\wisesoft\is-B5RS9.tmp
- %PROGRAM_FILES%\wisesoft\is-T71VI.tmp
- %TEMP%\is-HI2F9.tmp\reg.gg
- %PROGRAM_FILES%\wisesoft\is-RU4JS.tmp
- %TEMP%\is-HI2F9.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-3SOQH.tmp\is-25DHC.tmp
- %TEMP%\is-HI2F9.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\wisesoft\is-P14H3.tmp
- %PROGRAM_FILES%\wisesoft\is-8LMPI.tmp
- %PROGRAM_FILES%\wisesoft\is-4973M.tmp
- %PROGRAM_FILES%\wisesoft\is-Q0106.tmp
- %PROGRAM_FILES%\wisesoft\is-NVM2D.tmp
- %PROGRAM_FILES%\wisesoft\is-RDFL5.tmp
- %TEMP%\is-HI2F9.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-HI2F9.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-HI2F9.tmp\reg.gg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''