Техническая информация
- Значение автозапуска в ключе реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yyou.exe' = '"%APPDATA%\yyou.exe"'
- Файл задания Планировщика задач: %WINDIR%\Tasks\fbagent.job
- %TEMP%\ cm2.exe
- %TEMP%\ cm1.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\ photo.JPG
- iexplore.exe
- firefox.exe
- chrome.exe
- %APPDATA%\yyou.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\setup[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\setup[1].php
- %TEMP%\4.tmp
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- %TEMP%\ photo.JPG
- %TEMP%\ cm2.exe
- %TEMP%\ cm1.exe
- %APPDATA%\fnkx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\setup[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\setup[1].php
- 'st##001.com':80
- st##001.com/1/setup.php?ac############################################
- st##001.com/1/setup.php?ac##################################################
- st##001.com/1/setup.php?ac#################################################
- st##001.com/1/setup.php?ac########################################################
- DNS-запрос (DNS ASK): st##001.com
- '<IP-адрес в локальной сети>':1037
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''