Техническая информация
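Записи реестра для служб (значение 'Start' = 2 означает автоматический запуск службы при старте системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\vnsieq] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\mikffp] 'Start' = '00000002'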
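Запуск sc.exe (создаются и запускаются службы типа kernel, то есть драйверы режима ядра, чьи файлы лежат в каталоге %ALLUSERSPROFILE%\Application Data\DWQKJTP; порядок строк в списке не обязательно соответствует порядку выполнения):
- <SYSTEM32>\sc.exe stop mikffp
- <SYSTEM32>\sc.exe create vnsieq type= kernel start= auto binpath= "%ALLUSERSPROFILE%\Application Data\DWQKJTP\vnsieq.bin"
- <SYSTEM32>\sc.exe start mikffp
- <SYSTEM32>\sc.exe create mikffp type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\DWQKJTP\mikffp.bin" start= auto
- <SYSTEM32>\sc.exe stop null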
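Пути в файловой системе (некоторые пути ниже повторяются: по-видимому, подзаголовки, указывавшие вид операции с файлом, в этом фрагменте не сохранились):
- %WINDIR%\Web\zx8871.htt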
- %WINDIR%\Web\hx4999.htt
- %WINDIR%\Temp\{5438d9df-dade-4820-008a-47b6c28a933b}
- %ALLUSERSPROFILE%\Application Data\DWQKJTP\vnsieq.bin
- %WINDIR%\inf\lqb7710
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\DWQKJTP\xwv3490.hlp
- %WINDIR%\Web\ly4133.htt
- %ALLUSERSPROFILE%\Application Data\DWQKJTP\mikffp.bin
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\DWQKJTP\vnsieq.bin
- %ALLUSERSPROFILE%\Application Data\DWQKJTP\mikffp.bin
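Сетевая активность (символы '#' — маскировка части адреса в самом отчёте, поэтому без полного значения эти строки непригодны для точного сопоставления индикаторов):
- 'rp.##q88.com':80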
- 'rp##.21civ.com':80
- rp.##q88.com/rp.php?om###################################################################################
- rp##.21civ.com/az.php?st######################################################
- DNS ASK www.ba##u.com
- DNS ASK rp.##q88.com
- DNS ASK rp##.21civ.com
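Окна (Shell_TrayWnd — класс окна панели задач Windows; какое действие выполняется с окном, в этом фрагменте не указано):
- ClassName: 'Shell_TrayWnd' WindowName: ''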