Техническая информация
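- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\Cursors\lsass.exe' (автозапуск: к штатному значению Explorer.exe дописан путь к вредоносному файлу, поэтому он запускается при входе пользователя в систему)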
- '%WINDIR%\Cursors\lsass.exe' <Полный путь к вирусу>
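- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = %WINDIR%\Cursors\lsass.exename = Nero mode = ENABLE (файл добавляется в список разрешённых программ брандмауэра Windows под именем «Nero»; пробел между «lsass.exe» и «name», по-видимому, потерян при записи командной строки)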
- '<SYSTEM32>\attrib.exe' +H%WINDIR%\Cursors\lsass.exe (файлу назначается атрибут «скрытый»; пробел после «+H», по-видимому, также потерян)
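- %WINDIR%\Cursors\lsass.exe (имя совпадает с именем системного процесса lsass.exe, подлинный файл которого находится в <SYSTEM32>; lsass.exe в любом другом каталоге следует считать подозрительным)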
- %TEMP%\~DFDA23.tmp
- 'sp###.#oesntexist.com':3175
- DNS ASK sp###.#oesntexist.com