Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Cysrun' = '%WINDIR%\Cysrun.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Cyswin' = '%WINDIR%\Cyswin.exe'
- <Имя диска съемного носителя>:\autorun.inf
- <Имя диска съемного носителя>:\Cysset.exe
- '%WINDIR%\Cysusb.exe'
- '%WINDIR%\Cyswin.exe'
- '%WINDIR%\Cysrun.exe' 1
- %TEMP%\aut6.tmp
- %TEMP%\Set0x12.dat
- %TEMP%\Set0x2.dat
- %TEMP%\Set0x8.dat
- %TEMP%\Setting4x.Conf
- %TEMP%\Setting2x.Conf
- %WINDIR%\Winysys.Conf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Setting2x[1].Conf
- %TEMP%\aut5.tmp
- %TEMP%\aut2.tmp
- %WINDIR%\Cysusb.exe
- %TEMP%\aut1.tmp
- %WINDIR%\Cyswin.exe
- %TEMP%\aut4.tmp
- %WINDIR%\Cysrun.exe
- %TEMP%\aut3.tmp
- %TEMP%\Set0x4.dat
- %TEMP%\Set0x12.dat
- %TEMP%\Set0x8.dat
- <Имя диска съемного носителя>:\autorun.inf
- <Имя диска съемного носителя>:\Cysset.exe
- %TEMP%\Set0x2.dat
- %WINDIR%\Cysusb.exe
- %WINDIR%\Cyswin.exe
- %WINDIR%\Cysrun.exe
- %TEMP%\Set0x4.dat
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\Setting4x.Conf
- %TEMP%\Setting2x.Conf
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp
- 'ir#.##eenode.net':6667
- 'ns###up.zzl.org':80
- ns###up.zzl.org/Setting2x.Conf
- DNS ASK ir#.##eenode.net
- DNS ASK ns###up.zzl.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'