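Техническая информация
Примечание: подзаголовки разделов в списке ниже отсутствуют (по-видимому, утрачены при извлечении страницы). По виду записей это изменения в реестре, командные строки запускаемых процессов, пути файлов, сетевой адрес и параметры поиска окна.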
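- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svds' = ''
  (ключ Run отвечает за автозапуск при входе в систему; значение параметра на странице пустое — вероятно, путь к файлу утрачен при извлечении)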
- [<HKLM>\SYSTEM\ControlSet001\Services\WinVNC4] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\TimeServer] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы)
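- '<SYSTEM32>\vnm\winvnc4.exe' -register
- '<SYSTEM32>\vnm\winvnc4.exe' -start
- '<SYSTEM32>\vnm\winvnc4.exe' -service
  (судя по имени файла и службы WinVNC4, это сервер удалённого доступа VNC, который регистрируется и запускается как служба; его расположение в подкаталоге <SYSTEM32>\vnm нетипично для штатной установки и само по себе является признаком для проверки)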
- '<SYSTEM32>\vnm\vnm.exe' install <Полный путь к вирусу>
- '<SYSTEM32>\vnm\svds.exe'
- '<SYSTEM32>\vnm\vnm.exe'
- <SYSTEM32>\showmsg.exe
- <SYSTEM32>\vnm\svds.exe
- %TEMP%\nsz3.tmp\registry.dll
- %TEMP%\nsz3.tmp\AccessControl.dll
- <SYSTEM32>\vnm\wm_hooks.dll
- <SYSTEM32>\vnm\vnm.exe
- %TEMP%\nsf2.tmp
- <SYSTEM32>\vnm\winvnc4.exe
- <SYSTEM32>\vnm\vnm
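- %TEMP%\nsz3.tmp\registry.dll
- %TEMP%\nsz3.tmp\AccessControl.dll
  (эти два пути повторяют уже перечисленные выше; вероятно, здесь они относятся к отдельному разделу — удаляемым файлам. Каталоги вида %TEMP%\ns*.tmp характерны для установщиков NSIS, их имена меняются от запуска к запуску, поэтому как индикаторы они малонадёжны)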
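- '23#.0.0.1':24803
  (символ '#' в адресе, по-видимому, — маскировка цифры в источнике; полный адрес на странице не приведён, поэтому для поиска пригоден только номер порта 24803 в сочетании с другими признаками)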
- ClassName: '' WindowName: ''