Техническая информация
- Автозапуск (параметр в ключе реестра Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '360WallPaper' = '%PROGRAM_FILES%\Windows NT\Microsoft\360wpsrv.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\servicin\suv12.ini
- %PROGRAM_FILES%\Windows NT\Microsoft\crt.dll
- <SYSTEM32>\blognew.ini
- %PROGRAM_FILES%\Windows NT\Microsoft\TEMP.TMP
- %PROGRAM_FILES%\Windows NT\TEMP.TMP
- %WINDIR%\servicin\tugu.txt
- %WINDIR%\servicin\zihu.txt
- %PROGRAM_FILES%\AppPatch\NetSyst81.dll
- %WINDIR%\servicin\muaa.txt
- %WINDIR%\servicin\suv12.ini
- %PROGRAM_FILES%\Windows NT\Microsoft\crt.dll
- %PROGRAM_FILES%\Windows NT\Microsoft\TEMP.TMP
- %PROGRAM_FILES%\Windows NT\TEMP.TMP
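- 'us##.#zone.qq.com':80 (символы «#» в именах узлов и URL здесь и ниже, по-видимому, заменяют скрытые знаки, поэтому такие значения не подходят для точного сопоставления)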
- 'b1#.##one.qq.com':80
- '36##.f3322.org':5880
- http://us##.#zone.qq.com/395659444
- http://b1#.##one.qq.com/cgi-bin/blognew/blog_output_data?ui#############################
- DNS ASK b1#.##one.qq.com
- DNS ASK us##.#zone.qq.com
- DNS ASK www.ba##u.com
- DNS ASK 36##.f3322.org
- ClassName: 'Indicator' WindowName: ''