Техническая информация
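- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, %ALLUSERSPROFILE%\Application Data\hiho.exe' (к штатному значению Userinit дописан путь к hiho.exe, поэтому Winlogon запускает этот файл при каждом входе пользователя в систему; при проверке и восстановлении системы в значении должен остаться только путь к userinit.exe)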
- <SYSTEM32>\wscript.exe "<Текущая директория>\3.vbs"
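- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000' (параметр 1601 зоны 3, то есть зоны «Интернет», управляет отправкой незашифрованных данных форм; значение 0 разрешает её без запроса пользователю)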
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\go.jetswap[1]
- C:\Documents and Settings\Default User\Application Data\hiho.exe
- <Текущая директория>\3.vbs
- 'go.##tswap.com':80
- 'localhost':1034
- go.##tswap.com/
- DNS ASK go.##tswap.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''