Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft.NET' = '%WINDIR%\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\req5.bat
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "<Текущая директория>\<Имя вируса>_.doc"
- '%WINDIR%\svchost.exe'
- %TEMP%\req5.bat
- <Текущая директория>\<Имя вируса>_.doc
- %TEMP%\ms3626.tmp
- %WINDIR%\svhost3.dll
- %WINDIR%\RCX4.tmp
- %WINDIR%\RCX1.tmp
- %WINDIR%\svchost.exe
- %WINDIR%\RCX3.tmp
- %WINDIR%\RCX2.tmp
- %WINDIR%\svhost3.dll
- %WINDIR%\svchost.exe
- %WINDIR%\svchost.exe
- %WINDIR%\svchost.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''