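Техническая информация
(Заголовки подразделов в этой выдержке не сохранились; повторяющиеся ниже пути, по-видимому, относятся к разным категориям отчёта — сверяйте с исходной страницей.)
Запись в ключе автозапуска Run (файл запускается при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSV Update' = '%HOMEPATH%\msvci.exe'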
- '%TEMP%\is-HVBIP.tmp\_<Имя вируса>.tmp' /SL5="$60036,2345442,163328,%TEMP%\_<Имя вируса>.exe"
- '%HOMEPATH%\msvci.exe'
- '%TEMP%\_<Имя вируса>.exe'
- '%TEMP%\msvcp.exe'
- %HOMEPATH%\msvci.exe
- %TEMP%\mspupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\thebluemeanies[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ppen24[1].zip
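(Примечание: каталоги вида is-XXXXX.tmp и файлы _isetup\_shfoldr.dll, _RegDLL.tmp характерны для установщиков Inno Setup; имя такого каталога, как и имя подкаталога в Content.IE5, генерируется случайно, поэтому само по себе оно — ненадёжный индикатор.)
- %TEMP%\is-EU5A6.tmp\_isetup\_shfoldr.dll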
- %TEMP%\msvcp.exe
- %TEMP%\_<Имя вируса>.exe
- %TEMP%\is-EU5A6.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-HVBIP.tmp\_<Имя вируса>.tmp
- %TEMP%\mspupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\thebluemeanies[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ppen24[1].zip
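(Примечание: символы # в адресах ниже — по-видимому, маскировка части имени источником отчёта; в таком виде эти значения не годятся для точного сопоставления в журналах DNS и прокси.)
- 'www.th####emeanies.net':80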
- 'op####.comyr.com':80
- 'localhost':1035
- www.th####emeanies.net/?id##############
- op####.comyr.com/ppen24.zip
- DNS ASK www.th####emeanies.net
- DNS ASK op####.comyr.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''