Техническая информация (записи реестра, пути к файлам и сетевые индикаторы)
- [<HKLM>\SYSTEM\ControlSet001\Services\COMCyApp] 'ImagePath' = '<SYSTEM32>\svchost.exe -k comsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\COMCyApp\Parameters] 'ServiceDll' = '%HOMEPATH%\xpsp2ers.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\awidrcasd] 'ImagePath' = '<Текущая директория>\atapi.jpg'
- [<HKLM>\SYSTEM\ControlSet001\Services\COMCyApp] 'Start' = '00000002'
- '<SYSTEM32>\calc.exe'
- '<SYSTEM32>\svchost.exe' -k comsvcs
- <SYSTEM32>\calc.exe
- %HOMEPATH%\xpsp2ers.dll
- %TEMP%\atapi.jpg
- 'uu.##3host.com':80
- http://uu.##3host.com/Snphp/G67V.php?XB##################################################################################################################################
- DNS ASK uu.##3host.com