Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Phxphx Qiyqh] 'ImagePath' = '%ProgramFiles%\StormII\Start.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Phxphx Qiyqh] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\wscript.exe' "C:\1128.vbs"
- '%WINDIR%\0data.exe' (загружен из сети Интернет)
- '%ProgramFiles%\StormII\Start.exe'
- '%WINDIR%\0data.exe'
- %TEMP%\WERf8da.dir00\appcompat.txt
- %TEMP%\WERf8da.dir00\Start.exe.hdmp
- C:\1128.vbs
- %TEMP%\WERf8da.dir00\manifest.txt
- %ProgramFiles%\StormII\Start.exe
- %WINDIR%\0data.exe
- %TEMP%\WERf8da.dir00\Start.exe.mdmp
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\odata[1].exe
- %ProgramFiles%\StormII\Start.exe
- C:\1128.vbs
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\odata[1].exe
- 'localhost':1042
- 'au##s.cn':80 (в имени домена часть символов заменена на ##, поэтому для точного сопоставления оно непригодно)
- 'localhost':1039
- http://au##s.cn/odata.exe
- DNS ASK au##s.cn