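Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились. Первые две записи — значения реестра, запускающие <SYSTEM32>\serv.exe при входе в систему (ключ Run и StubPath в Active Setup); далее перечислены пути к процессам и файлам, сетевой адрес и классы окон. Повторяющиеся пути, например %TEMP%\sfx.ini, вероятно, относились к разным разделам исходного отчёта, поэтому по этому фрагменту нельзя установить, какое действие выполнялось над каждым файлом.)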
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'u' = '<SYSTEM32>\serv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3956E10-8733-6B87-04AC-6D63B85E2450}] 'StubPath' = '<SYSTEM32>\serv.exe'
- '%PROGRAM_FILES%\serverbuli.net.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %PROGRAM_FILES%\girls.jpg
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\serv.exe
- %HOMEPATH%\Recent\girls.lnk
- %HOMEPATH%\Recent\Program Files.lnk
- %TEMP%\sfx.ini
- %PROGRAM_FILES%\serverbuli.net.exe
- %PROGRAM_FILES%\girls.jpg
- %TEMP%\sfx.ini
- 'localhost':3460
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''