Техническая информация
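- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '1' = '"%ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\msstr.exe"'
  (запись автозапуска: параметр '1' в ключе policies\Explorer\Run запускает msstr.exe при входе пользователя в систему; при проверке системы стоит сверять содержимое этого ключа)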
- '<SYSTEM32>\regsvr32.exe' /s jscript.dll
  (ключ /s — регистрация jscript.dll без вывода диалоговых окон)
- '<SYSTEM32>\ping.exe' -n 2 127.0.0.1
- '%ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\msstr.exe'
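- '<SYSTEM32>\cmd.exe' ping -n 2 127.0.0.1 > nul & del "<Полный путь к вирусу>" >> NUL
  (самоудаление: ping на 127.0.0.1 используется как задержка, после которой исходный файл удаляется; поэтому первоначального образца на диске может не оказаться, а искать следует файлы в каталоге LocalApp, перечисленные ниже)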
- %ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\msstr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1].htm
- %ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\msclt.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\alths.rc
- %ALLUSERSPROFILE%\Application Data\Microsoft\LocalApp\mscts.dll
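- '76.##.98.194':80
- http://76.##.98.194/pannel/google.php
  (символы ## — по-видимому, часть адреса, скрытая в исходном описании; файл google[1].htm в каталоге Temporary Internet Files, указанный выше, вероятно, является сохранённым в кеше ответом на этот HTTP-запрос)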