Техническая информация
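Изменение реестра для автозапуска (штатное значение параметра shell — 'Explorer.exe'; дописанный к нему путь приводит к запуску указанного файла при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe "%PROGRAM_FILES%\qrfgu\obmokcd.exe"'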
- "%TEMP%\Setup_3.exe" (загружен из сети Интернет)
- "%TEMP%\UUSee8409.exe" (загружен из сети Интернет)
- <SYSTEM32>\svchost.exe
- %TEMP%\UUSee8409.exe
- %TEMP%\Setup_3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\getip[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\up_2[1].asp
Сетевые соединения (хост:порт; символы # означают, что часть адреса скрыта в самом источнике):
- 'cy.##815.com':80
- '22#.#17.240.30':80
- 'www.33##.org':80
- '61.##7.116.170':90
- 'localhost':1040
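HTTP-запросы (имена ресурсов совпадают с перечисленными выше файлами в %TEMP% и в кэше Internet Explorer):
- 22#.#17.240.30/soft/UUSee8409.exe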
- 22#.#17.240.30/soft/Setup_3.exe
- www.33##.org/dyndns/getip
- cy.##815.com/up_2.asp?a=###########################
- DNS ASK cy.##815.com
- DNS ASK www.33##.org
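Окно, фигурирующее в отчёте (Shell_TrayWnd — класс окна панели задач Windows; какое действие с ним выполняется, на странице не указано):
- ClassName: 'Shell_TrayWnd' WindowName: ''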