Техническая информация
- Для автозапуска при старте системы создаёт значение в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TCdesk' = '<Полный путь к вирусу>'
- %WINDIR%\58temp\services.exe
- %WINDIR%\58temp\update.exe
- %WINDIR%\58temp\services.exe (загружен из сети Интернет)
- <SYSTEM32>\regsvr32.exe /s scrrun.dll
- <SYSTEM32>\regsvr32.exe /s WSHom.Ocx
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\58temp\MSWINSCK.OCX"
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\58temp\MSPPSCK.OCX"
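- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ui[1].asp (имя подкаталога кэша KHMHGZ4F, как правило, случайное и на другой системе будет иным, поэтому при поиске не стоит опираться на полный путь)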
- %WINDIR%\58temp\services.exe
- %WINDIR%\58temp\MIDSERVER.txt
- %WINDIR%\58temp\MSWINSCK.OCX
- %WINDIR%\58temp\MSPPSCK.OCX
- %WINDIR%\58temp\update.exe
- %TEMP%\~DFA74D.tmp
- %TEMP%\~DFB5B8.tmp
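- 'www.03###nline.com':80 (символы «#» здесь и ниже — маска, скрывающая часть адреса; в таком виде значение не годится для блокировки или поиска по журналам)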
- 'localhost':1035
- www.03###nline.com/wbcount2/exe/ui.asp
- DNS ASK www.03###nline.com
- '25#.#55.255.255':8017
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Progman' WindowName: ''