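Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились; ниже по порядку идут параметр автозапуска в ключе реестра Run, пути к файлам, сетевые узлы с портами, URL-адреса, DNS-запросы и классы окон, а какое действие (создание, запуск, удаление) относится к каждому пути, по этому тексту установить нельзя. Символы «#» в именах узлов и в параметрах URL, по-видимому, заменяют скрытые знаки, поэтому такие строки в приведённом виде не подходят для точного сопоставления.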
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hASHSx' = 'C:\WINNT\SYSTEM32\ipibik.exe'
- 'C:\WINNT\SYSTEM32\ipibik.exe'
- 'C:\WINNT\SYSTEM32\pujo.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\b[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\b[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\b[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].php
- C:\WINNT\SYSTEM32\pujo.exe
- C:\WINNT\SYSTEM32\ipibik.exe
- C:\r.bat
- C:\WINNT\SYSTEM32\pujo.exe
- 'yo###.bondon.info':80
- 'ro###.bounceme.net':80
- 'vc##.hopto.org':80
- 'localhost':1037
- 'ro####.homeunix.net':80
- yo###.bondon.info/b.php?17##
- ro###.bounceme.net/b.php?17##
- ro####.homeunix.net/b.php?17##
- vc##.hopto.org/b.php?17##
- DNS ASK yo###.bondon.info
- DNS ASK ro###.bounceme.net
- DNS ASK ro####.homeunix.net
- DNS ASK vc##.hopto.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'