Техническая информация
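- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe ypager.exe s' (параметр Shell задаёт оболочку, запускаемую при входе пользователя; штатная оболочка — Explorer.exe, поэтому дописанный ypager.exe указывает на закрепление в автозапуске)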
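- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{423702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM117}] 'StubPath' = 'netconfig.exe' (команда из StubPath в Active Setup выполняется при входе пользователя в систему; имя раздела лишь имитирует GUID — в нём есть символы вне шестнадцатеричного набора)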
- '<SYSTEM32>\ypager.exe' s
- '%WINDIR%\netconfig.exe' s
- '%HOMEPATH%\Local Settings\TMP1010.exe.exe' Settings\TMP1010.exe.exe pth:<Полный путь к вирусу>
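- '<SYSTEM32>\net1.exe' localgroup /ADD %USERNAME%s Support721 (добавление учётной записи Support721 в локальную группу; «%USERNAME%s», вероятно, — имя группы Administrators, искажённое автоматической подстановкой имени пользователя)
- '<SYSTEM32>\net1.exe' user Support721 789654 /ADD (создание локальной учётной записи Support721 с паролем 789654; наличие такой учётной записи в системе — признак заражения)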
- %WINDIR%\netconfig.exe
- %TEMP%\TMP301.tmp
- %TEMP%\TMP011.tmp
- %HOMEPATH%\Local Settings\TMP1010.exe
- <SYSTEM32>\ypager.exe
- %WINDIR%\netconfig.exe
- <SYSTEM32>\ypager.exe
- %TEMP%\TMP301.tmp
- %TEMP%\TMP011.tmp