Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\StreamSpecial] 'Start' = '00000002'
- %PROGRAM_FILES%\BaiduDate.exe
- C:\TimePolice.exe rb
- C:\TimePolice.exe <Полный путь к вирусу>
- <SYSTEM32>\regsvr32.exe /s jscript.dll
- <SYSTEM32>\regsvr32.exe /u /s itss.dll
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\LayerKavsp.bat"
- %WINDIR%\GoogleDate.exe
- %PROGRAM_FILES%\BaiduDate.exe
- %PROGRAM_FILES%\LayerKavsp.bat
- C:\TimePolice.exe
- %PROGRAM_FILES%\StormII\stormSrv.exe
- ClassName: 'VYQYGIEPUTL' WindowName: 'hloyrkpzmsb'