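Техническая информация
Заголовки подразделов в этом списке не сохранились; судя по содержимому, ниже перечислены пути к файлам, ключи реестра, сетевые адреса, DNS-запросы и классы окон. Символы # заменяют часть символов в доменных именах и IP-адресах, поэтому эти значения нельзя использовать как точные индикаторы без восстановления по первоисточнику.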
- '%TEMP%\Loader.exe'
- [<HKLM>\SOFTWARE\FlashFXP]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\response[1].asp
- <Текущая директория>\ufr_files\NO_PWDS_report_27-06-2013_18-21-43-HDPO.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Tops[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\KichHoat[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].txt
- %TEMP%\report_27-06-2013_18-21-43-HDPO.bin
- %TEMP%\Loader.exe
- %TEMP%\NO_PWDS_report_27-06-2013_18-21-43-HDPO.bin
- <DRIVERS>\etc\hosts
- %TEMP%\NO_PWDS_report_27-06-2013_18-21-43-HDPO.bin
- из %TEMP%\report_27-06-2013_18-21-43-HDPO.bin в %TEMP%\NO_PWDS_report_27-06-2013_18-21-43-HDPO.bin
- 'localhost':1039
- 'au##.#earch.msn.com':80
- '94.##0.191.201':25
- 'ha##ib.net':80
- ha##ib.net/Ads/KichHoat.html
- ha##ib.net/Tops.php
- ha##ib.net/1.txt
- au##.#earch.msn.com/response.asp?MT###########################
- DNS ASK au##.#earch.msn.com
- DNS ASK ha##ib.net
- DNS ASK sm##.mail.ru
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'