Техническая информация
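Автозапуск: запись в ключ Run текущего пользователя. Имя параметра и имя файла имитируют компонент обновления Windows; сам файл присутствует ниже в перечне файлов.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Updater' = '"<SYSTEM32>\Windows Update.exe"'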
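Запускаемые команды (заголовок раздела утрачен при извлечении). Вызовы ClearMyTracksByProcess очищают данные Internet Explorer: 16 — данные форм, 32 — сохранённые пароли, 2 — файлы cookie.
- <SYSTEM32>\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
- <SYSTEM32>\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
- <SYSTEM32>\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 2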
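csc.exe — компилятор C# из .NET Framework 2.0, cvtres.exe — его вспомогательная утилита: исходный код (%TEMP%\8up1yehw.0.cs) компилируется прямо на машине. Запуск csc.exe с файлом параметров из %TEMP% можно использовать как признак для обнаружения, хотя так поступают и легитимные .NET-приложения.
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe /noconfig /fullpaths @"%TEMP%\8up1yehw.cmdline"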
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:"%TEMP%\RES2.tmp"" "%TEMP%\CSC1.tmp"
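Файлы, фигурирующие в отчёте (вероятно, создаваемые образцом; заголовок раздела утрачен при извлечении). Среди них — файлы с именами библиотек Mozilla NSS/NSPR (nss3.dll, nspr4.dll, plc4.dll, plds4.dll, softokn3.dll), которым не место в %TEMP%.
- %TEMP%\RES2.tmp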
- %TEMP%\CSC1.tmp
- %TEMP%\8up1yehw.out
- %TEMP%\first.exe
- <SYSTEM32>\log 04.07.2011_03.23.txt
- <SYSTEM32>\Windows Update.exe
- %TEMP%\second.exe
- %TEMP%\8up1yehw.cmdline
- %TEMP%\nss3.dll
- %TEMP%\nspr4.dll
- %TEMP%\Firefox.exe
- %TEMP%\plc4.dll
- %TEMP%\8up1yehw.0.cs
- %TEMP%\softokn3.dll
- %TEMP%\plds4.dll
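Повторный перечень — подмножество предыдущего; вероятно, это временные файлы, которые образец удаляет после использования (заголовок раздела утрачен при извлечении).
- %TEMP%\nss3.dll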
- %TEMP%\nspr4.dll
- %TEMP%\plc4.dll
- %TEMP%\softokn3.dll
- %TEMP%\plds4.dll
- %TEMP%\Firefox.exe
- %TEMP%\CSC1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\8up1yehw.out
- %TEMP%\8up1yehw.cmdline
- %TEMP%\8up1yehw.0.cs
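Сетевая активность (имя узла в источнике частично замаскировано): подключение к порту 80, HTTP-запрос и DNS-запрос.
- 'xn##.#reehostia.com':80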
- xn##.#reehostia.com/wp_cx.txt
- DNS ASK xn##.#reehostia.com
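Окна, которые ищет образец (вероятно; заголовок раздела утрачен при извлечении). Shell_TrayWnd — класс окна панели задач Windows.
- ClassName: 'Shell_TrayWnd' WindowName: ''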
- ClassName: 'Indicator' WindowName: ''