Техническая информация
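- Автозапуск при входе пользователя в систему через параметр Winlogon (к штатному Userinit.exe дописан %TEMP%\svchost.exe): [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%TEMP%\svchost.exe'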
- По-видимому, блокирует отображение (вводная строка пункта в исходном тексте утрачена):
  - скрытых файлов
  - расширений файлов
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Patchou\Messenger Plus! Live\GlobalSettings\Scripts\MSN PLUS" /v background /d <SYSTEM32>.htm /f
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Identities\Software\Microsoft\Outlook Express\5.0\signatures" /v "Default Signature" /d <SYSTEM32>.htm/f
- <SYSTEM32>\wscript.exe "<SYSTEM32>\launch.vbs"
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\launch.bat" "
- <SYSTEM32>\launch.bat
- <SYSTEM32>\logstm.txt
- <SYSTEM32>.htm
- <SYSTEM32>\launch.vbs
- <SYSTEM32>\dllcache\stub.exe
- <DRIVERS>\tmpp.exe
- <SYSTEM32>\extract.exe
- %TEMP%\svchost.exe
- <SYSTEM32>\launch.bat
- <SYSTEM32>\launch.vbs
- 'h1.##pway.com':80
- 'wp#d':80
- h1.##pway.com/windowsgames/emailextractor.exe
- h1.##pway.com/windowsgames/email.txt
- wp#d/wpad.dat
- h1.##pway.com/windowsgames/Stub.exe
- DNS ASK h1.##pway.com
- DNS ASK wp#d