Техническая информация
- Автозапуск при входе пользователя в систему (параметр в ключе Policies\Explorer\Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ImaginView' = 'rundll32.exe "%ALLUSERSPROFILE%\Application Data\MsHelp\whlpsvc.dll" ImaginView 1'
- '<SYSTEM32>\attrib.exe' -a -r -s -h "<Полный путь к вирусу>" (снимает с файла атрибуты «архивный», «только чтение», «системный» и «скрытый»)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ebvi307.bat
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\MsHelp\whlpsvc.dll" ImaginView 1
- %TEMP%\ebvi307.bat
- %ALLUSERSPROFILE%\Application Data\MsHelp\RCX1.tmp
- %ALLUSERSPROFILE%\Application Data\MsHelp\whlpsvc.dll
- %ALLUSERSPROFILE%\Application Data\MsHelp\whlpsvc.dll
- из %ALLUSERSPROFILE%\Application Data\MsHelp\RCX1.tmp в %ALLUSERSPROFILE%\Application Data\MsHelp\whlpsvc.dll
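- '19#.1.1.16':3128
- 'up.###icescan.net':443
- DNS ASK (DNS-запрос имени) up.###icescan.net
- Примечание: символы # в адресах, по-видимому, скрывают часть значения в исходном описании, поэтому приведённые адрес и домен неполные и для точного сопоставления с журналами не годятся.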