Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%PROGRAM_FILES%\ESET\TNod User & Password Finder\reader.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cpu[1].zip
- 'gt###-free.ru':80
- gt###-free.ru/AdminCP/admcp.php?vi#####
- gt###-free.ru/AdminCP/cpu.zip
- DNS ASK gt###-free.ru
- ClassName: 'Indicator' WindowName: '(null)'