Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Packet Sender] 'ImagePath' = '%APPDATA%\Userinit.exe srv'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Packet Sender] 'Start' = '00000002'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram %APPDATA%\Userinit.exe "Windows Update Viewer" ENABLE
- '%APPDATA%\Userinit.exe' srv
- %WINDIR%\Temp\d114531
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\doit[1].php
- %APPDATA%\Userinit.exe
- 'www.no##eka.cn':80
- 'localhost':1036
- http://www.no##eka.cn/404/doit.php?v=############################################
- DNS ASK www.no##eka.cn