Техническая информация
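- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate] 'DllName' = 'soemuav.dll' (запись автозапуска: DLL, зарегистрированную в разделе Winlogon\Notify, загружает процесс winlogon.exe; механизм действует в Windows 2000/XP/Server 2003)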
- "%TEMP%\win051.exe" (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c "%TEMP%\lalala.bat"
- %TEMP%\qts2.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\serv[1].exe
- %TEMP%\win051.exe
- <SYSTEM32>\soemuav.dll
- %TEMP%\lalala.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\serv[1].txt
- %TEMP%\win051.exe
- 'la##.oicp.net':80
- 'localhost':1037
- 'www.ba##u.com':80
- la##.oicp.net/serv.exe
- la##.oicp.net/serv.txt
- www.ba##u.com/index.html
- DNS ASK la##.oicp.net
- DNS ASK www.ba##u.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''