Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svhost' = '<SYSTEM32>\svhost.exe'
- '<SYSTEM32>\svhost.exe'
- <SYSTEM32>\winapt.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xxx[1].php
- <SYSTEM32>\svhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xxx[1].php
- <SYSTEM32>\winapt.dat
- 'www.co###buse.de':80
- 'localhost':1037
- www.co###buse.de/xxx//xxx.php?a=###########################
- DNS ASK www.co###buse.de