Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\bbbc] 'Start' = '00000002'
- '<SYSTEM32>\rundll32.exe' %CommonProgramFiles%\hhhi\ooop.dll,Service
- %CommonProgramFiles%\hhhi\ooop.dll
- %CommonProgramFiles%\hhhi\jjjk\jjjk.ini
- %CommonProgramFiles%\hhhi\ddde\ddde.ini
- %CommonProgramFiles%\hhhi\jjjk.ini
- %CommonProgramFiles%\hhhi\gggh.ini
- %CommonProgramFiles%\hhhi\eeef.ini
- %CommonProgramFiles%\hhhi\lllm.dll
- <Full path to virus>
- %CommonProgramFiles%\hhhi\jjjk\jjjk.ini to <SYSTEM32>\МцІ
- from <Full path to virus> to C:\~de1.tmp
- 'up####.borlander.cn':80
- 'ac####.borlander.com.cn':80
- up####.borlander.cn/updmms1/updvsnex.ini
- up####.borlander.cn/updmms1/updateex.ini
- ac####.borlander.com.cn/active?t=###########################
- DNS ASK up####.borlander.cn
- DNS ASK ac####.borlander.com.cn
- ClassName: '_mms_wnd_' WindowName: '_mms_wnd_'