Техническая информация
Запись автозапуска в реестре (ключ Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'task' = '%HOMEPATH%\Local Settings\task.exe'
Процессы и командные строки:
- '%HOMEPATH%\Local Settings\task.exe'
- '%HOMEPATH%\Local Settings\sjs1.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\Local Settings\list1.JPG
- opera.exe
Пути к файлам:
- %HOMEPATH%\Local Settings\task.exe
- %HOMEPATH%\Recent\list1.lnk
- %HOMEPATH%\Recent\Local Settings.lnk
- %HOMEPATH%\Local Settings\list1.JPG
- %HOMEPATH%\Local Settings\sjs1.exe
- %HOMEPATH%\Local Settings\sfjdj.dll
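Сетевые индикаторы (символы «#», по-видимому, скрывают часть значения, поэтому для точного сопоставления эти строки не годятся):
- 'www.sj###nepia.com':80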
- www.sj###nepia.com/new/staf/lq/i/reg/login/login.asp?id####################################################
- www.sj###nepia.com/new/staf/lq/i/reg/login/key_3_01_2010_1.png
- www.sj###nepia.com/new/staf/config/logad.asp?pa########################################################################################################################################
- www.sj###nepia.com/new/staf/default.asp
- www.sj###nepia.com/new/staf/config/login_verify.asp?&.######
- www.sj###nepia.com/new/staf/i/reg/cs.gif
- DNS ASK www.sj###nepia.com
Окна (имя класса и заголовок):
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'