Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avguix' = '<SYSTEM32>\avguix.exe' (ключ автозапуска: указанный файл запускается при каждом входе пользователя в систему)
- '%WINDIR%\Help322.exe' (загружен из сети Интернет)
- '%WINDIR%\Help322.exe'
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v avguix /t REG_SZ /d %WINDIR%"\system32\avguix.exe" /f
- '<SYSTEM32>\cmd.exe' /k reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v avguix /t REG_SZ /d %WINDIR%"\system32\avguix.exe" /f
- %WINDIR%\Help322.exe
- <SYSTEM32>\avguix.exe
- 'localhost':1040
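- 'www.at#######aoobrigatoriabb.com.br':80 (символы # заменяют скрытую часть имени узла, поэтому здесь и ниже строка не годится для буквального сопоставления)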
- http://www.at#######aoobrigatoriabb.com.br/pharming/Win_update.exe
- http://www.at#######aoobrigatoriabb.com.br/10/versao.txt
- http://www.at#######aoobrigatoriabb.com.br/infect/Pager.php
- DNS ASK www.at#######aoobrigatoriabb.com.br
- ClassName: 'MS_WINHELP' WindowName: ''