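Техническая информация
Примечание: подзаголовки разделов в этой копии страницы не сохранились; повторяющиеся строки (например, путь к audiodev.exe), по-видимому, относятся к разным разделам исходного отчёта.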
- [<HKLM>\SYSTEM\ControlSet001\Services\crssss] 'Start' = '00000002'
- %WINDIR%\usernet\musics\audiodev.exe
- <SYSTEM32>\attrib.exe %WINDIR%\Usernet +s +h
- <SYSTEM32>\attrib.exe c:\Recycler +s +h
- <SYSTEM32>\net1.exe start crssss
- <SYSTEM32>\wscript.exe "%WINDIR%\usernet\musics\if.vbs"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\usernet\musics\if.bat" "
- %WINDIR%\usernet\musics\audiodev.exe
- %WINDIR%\usernet\musics\if.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- %TEMP%\ckz_ES5V\What is Milad un nabi.doc.exe
- %WINDIR%\usernet\musics\if.vbs
- %WINDIR%\usernet\musics\What is Milad un nabi.doc
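- %TEMP%\ckz_ES5V\What is Milad un nabi.doc.exe
Примечание: двойное расширение «.doc.exe» выдаёт исполняемый файл за документ Word: если в Проводнике скрыты расширения известных типов, имя отображается как «What is Milad un nabi.doc».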
- 'wpad.localdomain':80
- 'de####eturns.com':21
- wpad.localdomain/wpad.dat
- DNS ASK wpad.localdomain
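- DNS ASK de####eturns.com
Примечание: символы «####», по-видимому, являются маской, скрывающей часть имени домена, поэтому эту строку нельзя использовать как индикатор в буквальном виде. Обращения к wpad.localdomain характерны для автоматического обнаружения прокси (WPAD) в Windows и, вероятно, отражают среду анализа, а не поведение самого образца.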
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''