Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\svchosts.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avg' = 'C:\Arquivos de programas\avg.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\avg.exe
- <SYSTEM32>\svchosts.exe
- '<L###LNET>.0.2':80
- 'gm###atis.biz':80
- 'localhost':1038
- http://gm###atis.biz/Explorer.exe
- http://SEU PHP via <L###LNET>.0.2
- DNS ASK gm###atis.biz