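Техническая информация
Подзаголовки разделов в этом списке не сохранились. Судя по содержимому, сначала перечислены запускаемые процессы и команды (sc.exe, regini.exe, cmd.exe, cacls.exe), затем пути к файлам, которые затрагивает программа, затем сетевая активность: подключения, HTTP-запросы и DNS-запросы. Для обнаружения наиболее показательны создание и запуск службы privtorador, а также вызов cacls.exe с ключом /D, который запрещает пользователю Administrador доступ к scpsssh2.dll. Имена хостов частично замаскированы символами «#», поэтому как точные индикаторы компрометации они непригодны.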
- <SYSTEM32>\sc.exe start privtorador
- <SYSTEM32>\regini.exe <DRIVERS>\reg.dll
- <SYSTEM32>\cmd.exe /c <Текущая директория>\<Имя вируса>.bat
- <SYSTEM32>\cmd.exe /c <DRIVERS>\block.bat
- <SYSTEM32>\cacls.exe "%PROGRAM_FILES%\Scpad\scpsssh2.dll" /D Administrador
- <SYSTEM32>\sc.exe create privtorador binpath= "cmd /K start /wait regini <DRIVERS>\reg.dll" type= own type= interact
- <SYSTEM32>\spoolv.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\spoolv[1].jpg
- <Текущая директория>\<Имя вируса>.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\gravaInfo[1].asp
- <DRIVERS>\reg.dll
- <DRIVERS>\block.bat
- <SYSTEM32>\svchosts.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\svchosts[1].jpg
- <DRIVERS>\reg.dll
- 'www.co#####verything.com.br':80
- 'ma######eus.webcindario.com':80
- 'localhost':1035
- www.co#####verything.com.br/ivo/gravaInfo.asp?na##################
- ma######eus.webcindario.com/spoolv.jpg
- ma######eus.webcindario.com/svchosts.jpg
- DNS ASK www.co#####verything.com.br
- DNS ASK ma######eus.webcindario.com