Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F479D-DF19-2A85-4B59-DC4735BD1}] 'StubPath' = '"%TEMP%\activex.exe"'
- Компонент восстановления системы (SR)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\1O6W1VPX\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\27Q7IR69\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0PE3KX6J\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\3AG43ZPK\desktop.ini
- %HOMEPATH%\Local Settings\History\desktop.ini
- %HOMEPATH%\Local Settings\TempXYZ Stealer Logs - USER-4BB09A9C02@7-5-2011 4-13-38 PM.txt
- %TEMP%\activex.exe
- %TEMP%\dw.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini
- %TEMP%\21071.dmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\3AG43ZPK\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0PE3KX6J\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\1O6W1VPX\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\27Q7IR69\desktop.ini
- %TEMP%\activex.exe
- 'www.vh##t.lt':21
- DNS ASK www.vh##t.lt
- ClassName: 'Shell_TrayWnd' WindowName: ''