Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OKGO' = '%WINDIR%\System\winsidat.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'autocheck autochk *\nPapai'
- %WINDIR%\system\winsidat.exe
- 'pb####.prohosts.org':80
- http://pb####.prohosts.org/index.php
- DNS ASK pb####.prohosts.org