Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'njbogc.exe' = 'C:\Documents and Settings\LocalService\Application Data\njbogc.exe'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 'njbogc.exe' = 'C:\Documents and Settings\LocalService\Application Data\njbogc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'njbogc.exe' = '%APPDATA%\njbogc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '<Полный путь к вирусу>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\njbogc.exe'
- '%APPDATA%\njbogc.exe'
- <SYSTEM32>\cscript.exe
- %APPDATA%\njbogc.exe
- DNS ASK ir#.##d4free.info
- ClassName: 'Indicator' WindowName: '(null)'