Техническая информация
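- Значения реестра, обеспечивающие автозапуск при входе пользователя в систему (те же значения записываются командами reg.exe add, перечисленными ниже):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe justched.gbp'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsXP AutoUpdate' = '%APPDATA%\wuauctl.exe'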
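- Запускаемые системные утилиты (первые две команды, по-видимому, служат проверкой подключения к интернету: в выводе ping ищется строка «TTL»):
- <SYSTEM32>\ping.exe www.google.com -n 1 -l 1
- <SYSTEM32>\find.exe "TTL"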
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsXP AutoUpdate" /t REG_SZ /d "%APPDATA%\wuauctl.exe"
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "Explorer.exe justched.gbp"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\a[1].php
- %WINDIR%\xgoodbyte.dll
- %TEMP%\bt17737.bat
- %TEMP%\bt17737.bat
- 'ad#.###er-afiliados.net':80
- 'localhost':1039
- ad#.###er-afiliados.net/a.php?id####################################
- DNS ASK ad#.###er-afiliados.net
- DNS ASK www.google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''