Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %HOMEPATH%\Start Menu\Programs\Startup\ComObj.lnk
- '<SYSTEM32>\regsvr32.exe' /s /n /i:"059.dat" "%APPDATA%\Drm\31097.dll"
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "%TEMP%\IXP000.TMP\$.doc"
- '<SYSTEM32>\regsvr32.exe' /s /n /i:"$.doc" Project1.dll
- %APPDATA%\Drm\31097.dll
- %TEMP%\IXP000.TMP\$.doc
- %TEMP%\IXP000.TMP\Project1.dll
- %TEMP%\IXP000.TMP\Project1.dll
- %TEMP%\IXP000.TMP\$.doc
- 'we#.##tlooksysm.net':80
- DNS ASK we#.##tlooksysm.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''