Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '"<SYSTEM32>\winupdate.exe"'
- Task Manager (Taskmgr)
- <SYSTEM32>\winupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sex1[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\t[1].php
- %HOMEPATH%\Desktop\Uncensored porn.URL
- <SYSTEM32>\sex1.ico.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\stat[1].php
- <SYSTEM32>\winupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\t[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\stat[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\stat[1].php
- 'li#####ateservice.cn':80
- 'pr######ononlineinfo.com':80
- 'tr####maxinside.cn':80
- pr######ononlineinfo.com/tk2/link/t.php?vz###############################################
- li#####ateservice.cn/sex1.ico
- tr####maxinside.cn/sx/scripts/stat.php?ni###############################################
- tr####maxinside.cn/sx/scripts/t.php?ni###############################################
- DNS ASK li#####ateservice.cn
- DNS ASK pr######ononlineinfo.com
- DNS ASK tr####maxinside.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''