Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winsvc' = '<SYSTEM32>\winsvc.exe'
- <SYSTEM32>\winsvc.exe
- Handler library for all processes: %WINDIR%\winreg32.dll
- ClassName: 'AOL Frame25' WindowName: ''
- %ALLUSERSPROFILE%\Application Data\NetExt\%USERNAME%\win.dat
- %ALLUSERSPROFILE%\Application Data\NetExt\%USERNAME%\actions.dat
- %ALLUSERSPROFILE%\Application Data\NetExt\%USERNAME%\app.dat
- %ALLUSERSPROFILE%\Application Data\NetExt\%USERNAME%\uman.dat
- <SYSTEM32>\winsvc.exe
- %WINDIR%\winreg32.dll
- %WINDIR%\ncslib.dll
- <SYSTEM32>\winsvc.exe
- ClassName: 'AIM_IMessage' WindowName: ''
- ClassName: 'DeadAIM_TabbedIM' WindowName: ''
- ClassName: 'AOL Child' WindowName: ''
- ClassName: 'AIM_ChatWnd' WindowName: ''
- ClassName: 'IMClass' WindowName: ''
- ClassName: 'IMWindowClass' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'MSN6 Window' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'SpyClass' WindowName: 'RemoteSpy'
- ClassName: 'MozillaWindowClass' WindowName: ''
- ClassName: 'MDIClient' WindowName: ''
- ClassName: 'Opera Main Window' WindowName: ''
- ClassName: 'OUIWINDOW' WindowName: ''