Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wuauserv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.up####.microsoft.com/
- <SYSTEM32>\sc.exe config wuauserv start= demand
- <SYSTEM32>\sc.exe stop wuauserv
- <SYSTEM32>\sc.exe start wuauserv
- <SYSTEM32>\sc.exe config BITS start= auto
- <SYSTEM32>\sc.exe start BITS
- <SYSTEM32>\sc.exe config wuauserv start= auto
- %TEMP%\nsb3.tmp\ns7.tmp
- %TEMP%\nsb3.tmp\ns6.tmp
- %TEMP%\nsb3.tmp\services.dll
- %TEMP%\nsb3.tmp\ns9.tmp
- %TEMP%\nsb3.tmp\ns8.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\update.microsoft[1]
- %TEMP%\nsb3.tmp\ns5.tmp
- %TEMP%\nsb3.tmp\NSISdl.dll
- %TEMP%\nsb3.tmp\nsisdt.dll
- %TEMP%\nsq2.tmp
- %TEMP%\nsb3.tmp\ns4.tmp
- %TEMP%\nsb3.tmp\nsExec.dll
- <SYSTEM32>\mrt.exe
- %TEMP%\nsb3.tmp\nsExec.dll
- %TEMP%\nsb3.tmp\ns9.tmp
- %TEMP%\nsb3.tmp\NSISdl.dll
- %TEMP%\nsb3.tmp\services.dll
- %TEMP%\nsb3.tmp\nsisdt.dll
- %TEMP%\nsb3.tmp\ns8.tmp
- %TEMP%\nsb3.tmp\ns4.tmp
- <SYSTEM32>\mrt.exe
- %TEMP%\nsb3.tmp\ns5.tmp
- %TEMP%\nsb3.tmp\ns7.tmp
- %TEMP%\nsb3.tmp\ns6.tmp
- '20#.#6.232.182':80
- 'localhost':1038
- 'do##.xnbeta.com':80
- 20#.#6.232.182/
- do##.xnbeta.com/mrt/2011.08.exe
- DNS ASK www.up####.microsoft.com
- DNS ASK do##.xnbeta.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''