Техническая информация
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone4.bat" "
- <SYSTEM32>\net1.exe start dnscache
- <SYSTEM32>\svchost.exe -k NetworkService
- <SYSTEM32>\net1.exe stop dnscache
- <SYSTEM32>\wscript.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.vbs"
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone3.bat" "
- <SYSTEM32>\net.exe stop dnscache
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.vbs
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone3.bat
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone4.bat
- %TEMP%\is-0KU28.tmp\<Имя вируса>.tmp
- %TEMP%\is-P938T.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-P938T.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-0KU28.tmp\<Имя вируса>.tmp
- %TEMP%\is-P938T.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-P938T.tmp\_isetup\_RegDLL.tmp
- ClassName: '' WindowName: '????'
- ClassName: 'Shell_TrayWnd' WindowName: ''