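Техническая информация
Ниже перечислены изменения в реестре, пути к файлам, командные строки, сетевые адреса и DNS-запросы; подзаголовки разделов в тексте отсутствуют. Символы «#» в доменных именах и IP-адресе, по-видимому, заменяют скрытые символы, поэтому такие значения нельзя использовать как готовые индикаторы без уточнения.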
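Изменение значения Userinit (в нём перечислены программы, которые Winlogon запускает при входе пользователя; записи помимо userinit.exe — признак закрепления в системе):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,%WINDIR%\pchjcosrv.exe,%ProgramFiles%\microsoft\desktoplayer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,%WINDIR%\pchjcosrv.exe'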
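Запись службы в реестре (значение Start, равное 2, соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\PC MxzaZZXX] 'ImagePath' = '%WINDIR%\pchjco.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\PC MxzaZZXX] 'Start' = '00000002'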
- C:\Far2\Plugins\WinSCP\WinSCP.dll
- C:\Far2\Plugins\FTP\FarFtp.dll
- %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL
- %CommonProgramFiles%\Microsoft Shared\VC\msdia80.dll
- C:\Far2\FExcept\ExcDump.dll
- C:\Far2\FExcept\demangle32.dll
- C:\Far2\Plugins\Colorer\bin\colorer.dll
- C:\Far2\Plugins\7-Zip\7-ZipFar.dll
- '%WINDIR%\pchjcoSrv.exe'
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к файлу> > nul
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- '<Текущая директория>\<Имя файла>Srv.exe'
- '%WINDIR%\pchjco.exe'
- '%ProgramFiles%\Microsoft\DesktopLayer.exe'
- IEXPLORE.EXE
- %WINDIR%\pchjcoSrv.exe
- %ProgramFiles%\Internet Explorer\dmlconf.dat
- %ProgramFiles%\Microsoft\DesktopLayer.exe
- <Текущая директория>\<Имя файла>Srv.exe
- %WINDIR%\pchjco.exe
- 'xi####aba.f3322.net':8100
- '67.##5.160.76':80
- 'any':8100
- DNS ASK bing.com
- DNS ASK ya##o.com
- DNS ASK google.com
- DNS ASK xi####aba.f3322.net
- DNS ASK fg###career.com