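Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Судя по содержимому, первая запись — изменение реестра, две следующие — запускаемые команды, далее идут пути к файлам; повторное перечисление файлов из %TEMP%\IXP000.TMP, вероятно, соответствует их созданию и последующему удалению. Запись 'wextract_cleanup0' в RunOnce — штатная очистка самораспаковывающегося архива IExpress (wextract); она встречается и у легитимных установщиков и сама по себе не является надёжным индикатором. Для обнаружения полезнее задания at.exe: еженедельный (/every:Th) запуск <SYSTEM32>\servicess.exe, имя которого имитирует системный services.exe, и отложенное удаление исходного файла.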
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- <SYSTEM32>\at.exe 20:08 <SYSTEM32>\cmd.exe /c del /F /Q "<Полный путь к вирусу>"
- <SYSTEM32>\at.exe 19:06 /every:Th "<SYSTEM32>\servicess.exe"
- <SYSTEM32>\c_100081.nls
- <SYSTEM32>\ersvvc.dll
- <SYSTEM32>\c_10026.nls
- <SYSTEM32>\C_285594.NLS
- <SYSTEM32>\c__10082.nls
- <SYSTEM32>\c_12254.nls
- <SYSTEM32>\3053\inf3053.dat
- <SYSTEM32>\servicess.exe
- %TEMP%\IXP000.TMP\cvx2902
- %TEMP%\IXP000.TMP\pol32
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\UtLake
- %TEMP%\IXP000.TMP\setup.exe.dll
- <SYSTEM32>\dx8vbb.dll
- %TEMP%\IXP000.TMP\cvx8305
- %TEMP%\IXP000.TMP\LCX5207E
- %TEMP%\IXP000.TMP\UtLake
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\cvx2902
- %TEMP%\IXP000.TMP\LCX5207E
- %TEMP%\IXP000.TMP\cvx8305
- %TEMP%\IXP000.TMP\pol32