Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '' = '<SYSTEM32>\svch0st.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Ndisprot] 'Start' = '00000001'
- '<SYSTEM32>\svch0st.exe' <Full path to virus>
- '<SYSTEM32>\net1.exe' start ndisprot
- <DRIVERS>\SET3.tmp
- %WINDIR%\inf\INFCACHE.0
- <SYSTEM32>\svch0st.exe
- <SYSTEM32>\EventSystem.dll
- %WINDIR%\ndisprot.inf
- %WINDIR%\ndisprot.sys
- %WINDIR%\inf\oem3.PNF
- %WINDIR%\inf\oem3.inf
- %WINDIR%\ndisprot.inf
- %WINDIR%\ndisprot.sys
- %WINDIR%\inf\INFCACHE.2 to %WINDIR%\inf\OLDCACHE.000
- %WINDIR%\inf\INFCACHE.1 to %WINDIR%\inf\INFCACHE.2
- <DRIVERS>\SET3.tmp to <DRIVERS>\Ndisprot.sys
- 'a.###huamz.com':2721
- DNS ASK a.###huamz.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'