Technical information
- [<HKLM>\SYSTEM\ControlSet003\Services\mzrqff] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet003\Services\mzrqff\Parameters] 'ServiceDll' = '<SYSTEM32>\mzrqff.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\yzrqffha] 'ImagePath' = '<SYSTEM32>\mzrqff.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\yzrqffha] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\mzrqff] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\mzrqff] 'ImagePath' = '<SYSTEM32>\svchost.exe -k mzrqff'
- [<HKLM>\SYSTEM\ControlSet001\Services\mzrqff] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\mzrqff\Parameters] 'ServiceDll' = '<SYSTEM32>\mzrqff.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\mzrqff\Parameters] 'ServiceDll' = '<SYSTEM32>\mzrqff.dll'
- '<SYSTEM32>\svchost.exe' -k mzrqff
- NtDeviceIoControlFile, handler driver: mzrqff.sys
- %WINDIR%\Temp\2996.tmp
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\admin_new[2].asp
- %WINDIR%\Temp\2976.tmp
- <SYSTEM32>\mzrqff.dll
- <SYSTEM32>\mzrqff.sys
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\admin_new[1].asp
- 'www.oy##.com':80
- http://www.oy##.com/admin/admin_new.asp
- DNS ASK www.oy##.com