Техническая информация
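- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\asectool.exe" /sn' (подмена оболочки пользователя: при входе в систему вместо explorer.exe запускается указанный файл)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AdvSecTool' = '"%APPDATA%\asectool.exe"' (автозапуск при входе пользователя в систему; оба ключа находятся в HKCU, поэтому для их записи не нужны права администратора)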
- <SYSTEM32>\wbem\mofcomp.exe "%APPDATA%\secmof.tmp"
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL "<SYSTEM32>\wscui.cpl",
- <SYSTEM32>\regsvr32.exe /s "%APPDATA%\scan.dll"
- <SYSTEM32>\cmd.exe /c ""%APPDATA%\1tmp.bat" "
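- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '".exe;"' (файлы .exe помечаются как тип низкого риска, поэтому Windows не показывает предупреждение системы безопасности при запуске таких файлов, полученных из сети)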
- %APPDATA%\secmof.tmp
- %APPDATA%\1tmp.bat
- %TEMP%\tmp1.tmp
- %APPDATA%\scan.dll
- %APPDATA%\asectool.exe
- %HOMEPATH%\Desktop\Advanced Security Tool 2010.LNK
- %HOMEPATH%\Start Menu\Advanced Security Tool 2010.LNK
- %TEMP%\tmp1.tmp
- 'fi####toupdate1.com':80
- fi####toupdate1.com/st1/index.php
- DNS ASK fi####toupdate1.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''