Техническая информация (артефакты, зафиксированные при анализе образца: записи реестра, запускаемые процессы, создаваемые файлы, сетевая активность и искомые окна)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Update' = '%APPDATA%\hostService.exe' (закрепление в автозагрузке; имя параметра имитирует легитимный компонент Microsoft, при этом исполняемый файл располагается в %APPDATA%)
- '%APPDATA%\7za.exe' e -pgipsy 1.7z (извлечение содержимого защищённого паролем архива 1.7z утилитой 7-Zip; пароль передаётся в командной строке)
- '%APPDATA%\stub1.exe'
- '%APPDATA%\hostService.exe'
- '%TEMP%\nsa4.tmp\ns5.tmp' "%APPDATA%\7za.exe" e -pgipsy 1.7z
- '%TEMP%\bunr.exe' x "%TEMP%\zlknh.7z" -pzdoxynvdls -o"%TEMP%\" -aoa
- '%TEMP%\baqnbram.exe'
- '%TEMP%\win2.exe'
- %APPDATA%\dat.dat
- %TEMP%\nsa4.tmp\ns5.tmp
- %TEMP%\nsa4.tmp\nsExec.dll
- %APPDATA%\hostService.exe
- %APPDATA%\stub1.exe
- %APPDATA%\1.7z
- %TEMP%\zlknh.7z
- %TEMP%\bunr.exe
- %TEMP%\baqnbram.exe
- %APPDATA%\7za.exe
- %TEMP%\win2.exe
- %TEMP%\nsx2.tmp\ExecDos.dll
- %TEMP%\nsa4.tmp\nsExec.dll
- %TEMP%\nsa4.tmp\ns5.tmp
- %TEMP%\nsx2.tmp\ExecDos.dll
- 'vi###ayers.com':80 (доменное имя частично скрыто в отчёте)
- 'localhost':1036
- vi###ayers.com/script/display.php
- DNS ASK vi###ayers.com
- ClassName: '(null)' WindowName: 'Rocketfuel Installer - Xvid Player'
- ClassName: '(null)' WindowName: 'Rocketfuel Installer - Xvid Player2'
- ClassName: '(null)' WindowName: 'MediaPlayer'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'