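Техническая информация
Заголовки подразделов в этом фрагменте не сохранились. Ниже по порядку перечислены: записи автозапуска в реестре (ключи Run и RunOnce), пути к файлам и ярлыкам, сетевые адреса с портом и URL (часть цифр IP-адресов в источнике заменена символом «#»), а также класс окна Shell_TrayWnd (панель задач Windows). Запись %TEMP%\zip.zip встречается дважды — вероятно, она относилась к разным подразделам исходного описания.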
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows applications server' = '<SYSTEM32>\SysShield.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '%TEMP%\delInstav2009.bat' = '%TEMP%\delInstav2009.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Полный путь к вирусу>"' = '<Полный путь к вирусу>"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Antivirus 2009' = '%ProgramFiles%\Antivirus 2009\AV2009.exe'
- %ALLUSERSPROFILE%\Start Menu\Antivirus 2009\Support.lnk
- %ALLUSERSPROFILE%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
- %TEMP%\delInstav2009.bat
- %TEMP%\zip.zip
- %HOMEPATH%\Desktop\Antivirus 2009.lnk
- %ALLUSERSPROFILE%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
- %TEMP%\zip.zip
- '21#.#0.112.104':80
- '84.##.235.125':80
- http://21#.#0.112.104/install/zip.zip
- http://84.##.235.125/src.php
- ClassName: 'Shell_TrayWnd' WindowName: ''