Техническая информация (изменения реестра, созданные файлы, сетевая активность, поиск окон)
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\blphct1lj0ece5.scr' — подмена экранной заставки (способ закрепления в системе)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lphct1lj0ece5' = '<SYSTEM32>\lphct1lj0ece5.exe' — автозапуск через ключ Run
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'advap32' = '"%TEMP%\loader.exe" /r' — автозапуск через ключ Run (имя значения похоже на системную библиотеку advapi32)
- [<HKLM>\SYSTEM\ControlSet001\Services\sr] 'Start' = '00000000' (0 = SERVICE_BOOT_START, запуск при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\srservice] 'Start' = '00000002' (2 = SERVICE_AUTO_START, автоматический запуск)
- Компонент восстановления системы (SR)
- %TEMP%\scan.exe
- %TEMP%\loader.exe
- <SYSTEM32>\wscript.exe "%TEMP%\.tt1.tmp.vbs"
- %TEMP%\.tt2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\windowsupdate.microsoft[1]
- %TEMP%\.tt3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\50411c14-6ffa-41c5-be41-b3290b2c7c69[1].gif
- <SYSTEM32>\blphct1lj0ece5.scr
- %TEMP%\scan.exe
- %TEMP%\loader.exe
- %TEMP%\.tt1.tmp.vbs
- <SYSTEM32>\phct1lj0ece5.bmp
- <SYSTEM32>\Restore\MachineGuid.txt
- %TEMP%\.tt2.tmp
- 'av###2008.net':80
- '20#.#6.232.182':80
- '66.##7.167.21':80
- av###2008.net/images/1340824673/132a071e5d1437b80c401c6982d513a0/50411c14-6ffa-41c5-be41-b3290b2c7c69.gif
- 20#.#6.232.182/
- 66.##7.167.21/40E8001431313030303030303030303030303030303031306C0000004666000000007600000642EB00053071F5C901
- DNS ASK av###2008.net
- DNS ASK windowsupdate.microsoft.com
- ClassName: 'SysListView32' WindowName: ''