Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Netman] 'Start' = '00000002' (значение 2 — автоматический запуск службы Netman при загрузке системы)
- %TEMP%\~DF3C7Cb.tmp "<Полный путь к вирусу>" "%TEMP%\~DF3Cf.tmp"
- %TEMP%\~DF3C7t.tmp
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\Netserv.dll",TStartUp 0x11
- <SYSTEM32>\notepad.exe "%TEMP%\WindowsUpdate.log"
- <SYSTEM32>\Netserv.dll
- %TEMP%\~DF3C7Cb.tmp
- %TEMP%\~DF3C7t.tmp
- %TEMP%\~DF3C7t.tmp
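- 'no#####tolose.3322.org':8081 (часть имени узла в описании заменена символами #)
- 'ha#####and.blogdns.org':8080 (часть имени узла в описании заменена символами #)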
- 'localhost':1037
- DNS-запрос: no#####tolose.3322.org
- DNS-запрос: ha#####and.blogdns.org
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Notepad' WindowName: ''