Техническая информация
- [<HKLM>\SOFTWARE\Classes\a_file\shell\open\command] '' = '%CommonProgramFiles%\Wystem\smss.exe %1'
- %HOMEPATH%\Start Menu\Programs\Startup\system_.a_
- '%CommonProgramFiles%\Wystem\smss.exe' 123.a_
- '%CommonProgramFiles%\Wystem\smss.exe' 22558287.a_
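- '%CommonProgramFiles%\Wystem\smss.exe' Йѕ<Полный путь к вирусу> (по-видимому, «Йѕ» — это байты 0xC9 0xBE, отображённые в кодировке Windows-1251; в GBK им соответствует иероглиф «删» — «удалить»; в журналах этот аргумент может выглядеть по-разному в зависимости от кодовой страницы системы)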
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].txt
- %CommonProgramFiles%\Wystem\ipc
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip[1].txt
- %CommonProgramFiles%\Wystem\smss0.txt
- %WINDIR%\win32.btl
- %CommonProgramFiles%\Wystem\smss.chm
- %CommonProgramFiles%\Wystem\smss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].txt
- %CommonProgramFiles%\Wystem\ipc
- 'localhost':1041
- 'localhost':1043
- 'localhost':1045
- 'localhost':1036
- 'yo##6.com':80
- 'localhost':1039
- yo##6.com/kfkfkf36/ididid36/90027/ip.txt
- DNS ASK yo##6.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'