Техническая информация
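- Записи в ключе автозапуска Run текущего пользователя (указанные файлы запускаются при каждом входе этого пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Zygugt' = '%APPDATA%\Roaming\Microsoft\Windows\themes\Zygugt.exe'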
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update Installer' = '%APPDATA%\Roaming\WindowsUpdate\Updater.exe'
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x5C000766" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x6E0A0825" /f
- '<SYSTEM32>\conhost.exe' /delete /tn "Windows Debugger" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x0E7302EC" /f
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\calc.exe'
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x05860166" /f
- <SYSTEM32>\conhost.exe
- <SYSTEM32>\calc.exe
- %APPDATA%\Roaming\Update\Update.exe
- %APPDATA%\Roaming\Microsoft\Windows\Themes\Zygugt.exe
- %TEMP%\c731200
- %APPDATA%\Roaming\c731200
- %APPDATA%\Roaming\WindowsUpdate\Updater.exe
- %APPDATA%\Roaming\Update\Explorer.exe
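- DNS-запросы (символы «#» в именах, по-видимому, маскируют часть домена; в таком виде записи нельзя использовать как готовые индикаторы для блокировки или поиска в журналах):
- DNS ASK n.###bxduhz.ru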
- DNS ASK n.###blgoja.ru
- DNS ASK dn#.##ftncsi.com
- DNS ASK ap#.##pmania.com
- DNS ASK n.##tys.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''