Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorph3reg] 'Startup' = 'polymorph3reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorph3reg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\polymorph3.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\polC268.tmp
- %TEMP%\pol1D26.tmp
- %ALLUSERSPROFILE%\Documents\Settings\polymorph3.dll
- 'ew#########.php?spm=2&method=reg&tds=1':80
- ew#########.php?spm=2&method=reg&tds=1
- DNS ASK ew#########.php?spm=2&method=reg&tds=1
- DNS ASK microsoft.com