Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lza.exe' = '"%APPDATA%\lza.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\systems] 'Name' = '%TEMP%\2.tmp'
- %WINDIR%\Tasks\fbagent.job
- %TEMP%\ 28.exe
- %TEMP%\ 18.exe
- <SYSTEM32>\spoolsv.exe
- iexplore.exe
- firefox.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\setup[1].php
- %WINDIR%\Temp\3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\setup[1].php
- %APPDATA%\vfn.exe
- %TEMP%\2.tmp
- %TEMP%\ 28.exe
- %TEMP%\ 18.exe
- %TEMP%\1.tmp
- %APPDATA%\lza.exe
- 'dd##200.com':80
- 'dd##00.com':80
- dd##00.com/ab8/setup.php?ac######################################
- dd##00.com/ab8/setup.php?ac##################################################
- dd##00.com/ab8/setup.php?ac########
- dd##200.com/ab8/setup.php?ac########
- DNS ASK dd##200.com
- DNS ASK dd##00.com
- '<IP-адрес в локальной сети>':1033