Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logon] 'logon' = 'RunAtWinLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logon] 'startup' = 'RunAtWinStartUp'
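- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logon] 'dllname' = 'logon.dll' (вместе с двумя записями выше регистрирует logon.dll как пакет уведомлений Winlogon: значения 'logon' и 'startup' задают имена функций библиотеки, вызываемых при входе пользователя и при запуске системы; этот механизм поддерживается только в версиях Windows до Vista)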
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'remotewatch' = '<SYSTEM32>\intrasoft\monitor_C.exe'
- '<SYSTEM32>\intrasoft\Monitor_C.exe'
- '<SYSTEM32>\intrasoft\dde2000.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\intrasoft\runsec.bat
- [<HKCU>\Software\ORL\WinVNC3]
- [<HKLM>\Software\ORL\WinVNC3]
- <DRIVERS>\npf.sys
- <SYSTEM32>\logon.exp
- <SYSTEM32>\logon.dll
- <SYSTEM32>\intrasoft\Packet.dll
- <SYSTEM32>\intrasoft\runsec.bat
- <SYSTEM32>\intrasoft\Monitor_C.exe
- <SYSTEM32>\intrasoft\VNCHooks.dll
- <SYSTEM32>\intrasoft\omnithread2_rt.dll
- <SYSTEM32>\intrasoft\dde2000.exe
- <SYSTEM32>\intrasoft\Ws1_32.dll
- <SYSTEM32>\intrasoft.inf
- <DRIVERS>\filem.sys
- <SYSTEM32>\intrasoft\Ws232.dll
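- <SYSTEM32>\config\SecEvent.Evt (файл журнала событий безопасности Windows; какая именно операция с ним выполняется, из этого фрагмента не видно)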
- <SYSTEM32>\intrasoft\runsec.bat
- 'localhost':5900 (5900 — стандартный порт VNC; согласуется с ключами ORL\WinVNC3 и файлом VNCHooks.dll выше)
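- '25#.#55.255.255':4777 (часть цифр адреса заменена символами '#' в самом отчёте; в таком виде значение не годится для точного сопоставления по IP)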
- ClassName: 'Shell_TrayWnd' WindowName: ''