Техническая информация
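Изменения в реестре (автозапуск через ключ Run; для службы TermService задаётся автоматический запуск, Start = 2):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winsuse' = '%WINDIR%\inf\<Имя вируса>.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002'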
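Запускаемые процессы (судя по аргументам: создаётся локальная учётная запись xexe, она добавляется в группу "Backup Operators", снимается ограничение срока действия паролей, служба TermService переводится в автозапуск и запускается):
- '%WINDIR%\inf\<Имя вируса>.exe'
- '<SYSTEM32>\net1.exe' localgroup "Backup Operators" xexe /add
- '<SYSTEM32>\net1.exe' start TermService
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\net1.exe' accounts /maxpwage:unlimited
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\cmd.exe' /c %TEMP%\gte.bat
- '<SYSTEM32>\sc.exe' config TermService start= auto
- '<SYSTEM32>\net1.exe' user xexe 123123a /add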
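Изменения в файловой системе (подзаголовки на странице не сохранились; повторяющиеся пути, по-видимому, относятся к разным операциям — например, к созданию и последующему удалению файла):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- %TEMP%\index.html
- %TEMP%\es5638.gl
- %WINDIR%\inf\<Имя вируса>.exe
- %TEMP%\gte.bat
- %WINDIR%\inf\termsrv.dll
- %TEMP%\es5638.gl
- %TEMP%\index.html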
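Сетевая активность (подключения в формате 'хост':порт, HTTP-запрос и DNS-запросы; порт 25 — SMTP; часть символов в адресах скрыта знаками #):
- '2i#.ru':80
- '93.##8.134.11':25
- '74.##5.232.51':80
- 'localhost':1037
- 2i#.ru/index.php
- DNS ASK sm##.yandex.ru
- DNS ASK 2i#.ru
- DNS ASK www.google.com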