Техническая информация
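- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32 rymf.hbr oohegl3' (изменённый параметр Shell обеспечивает запуск rundll32 с rymf.hbr при каждом входе пользователя в систему; штатное значение параметра — 'Explorer.exe')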
- '%TEMP%\tvixlg.exe'
- '%TEMP%\tvixlg.exe' (загружен из сети Интернет)
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' %TEMP%\1.tmp oohegl3 (аргумент oohegl3 совпадает с указанным в параметре Shell для rymf.hbr)
- <SYSTEM32>\svchost.exe
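- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\top2x[1].jpg (файл в кеше Internet Explorer; имя соответствует top2x.jpg из сетевого запроса, приведённого ниже)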
- %TEMP%\tvixlg.exe
- %TEMP%\1.tmp
- <SYSTEM32>\rymf.hbr
- 'ho#######ricaguesthouse.co.za':80
- '74.##5.232.51':80
- http://ho#######ricaguesthouse.co.za/images/top2x.jpg
- http://google.com/ via 74.##5.232.51
- DNS ASK ho#######ricaguesthouse.co.za
- DNS ASK google.com