Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %WINDIR%\system\r_server.exe /start
- %WINDIR%\system\r_server.exe /service
- %WINDIR%\system\r_server.exe /install /silence
- %WINDIR%\system\littlefun.exe
- %WINDIR%\system\rundll32.exe /inst %WINDIR%\System\ <Полный путь к вирусу>
- %WINDIR%\regedit.exe /s %WINDIR%\System\config.reg
- ClassName: 'AVP.Tray' WindowName: ''
- %WINDIR%\system\raddrv.dll
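- %WINDIR%\system\rundll32.exe (в стандартной установке Windows rundll32.exe находится не в каталоге %WINDIR%\system; файл с системным именем в этом каталоге стоит проверять отдельно)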
- %WINDIR%\system\littlefun.exe
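- %WINDIR%\system\r_server.exe (имена r_server.exe и raddrv.dll совпадают с именами компонентов Remote Administrator (Radmin); по одному имени файла легальную установку от скрытой не отличить — сверяйте путь и ключ службы r_server)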
- %WINDIR%\system\config.reg
- 'ma##.inbox.lv':25 (порт 25 — SMTP)
- DNS ASK ma##.inbox.lv
- DNS ASK in##x.lv
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''