Техническая информация
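- Значение реестра Winlogon 'shell' (определяет, что запускается в качестве оболочки при входе пользователя в систему); помимо explorer.exe в нём указан %APPDATA%\AltShell.dat: [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\AltShell.dat'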
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\rmnvenssxuawfzixwy-taryrvzypqxasg_abxiki-nlve_lpmn_xafios-apmr-aaeo-xemnnc-ztdxyuigkmbs-spny-[1].html
- %APPDATA%\AltShell.ini
- %APPDATA%\AltShell.dat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\kmnskv-oqbpttkwnnchuzslqxtw-blne-oxiu-zpzyefjrhkiurr-swqx-pqhtuogbsb_znmnsqamqxlw_wbci-fzur[1].php
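- 'pa##c.pw':80 (символы «##» в именах доменов здесь и ниже, по-видимому, скрывают часть имени в отчёте: символ «#» недопустим в DNS-именах, поэтому эти строки нельзя использовать как точные индикаторы для сопоставления)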
- 'pi##odes.pw':80
- http://pa##c.pw/news/rmnvenssxuawfzixwy-taryrvzypqxasg_abxiki-nlve_lpmn_xafios-apmr-aaeo-xemnnc-ztdxyuigkmbs-spny-.html
- http://pi##odes.pw/community/kmnskv-oqbpttkwnnchuzslqxtw-blne-oxiu-zpzyefjrhkiurr-swqx-pqhtuogbsb_znmnsqamqxlw_wbci-fzur.php
- DNS ASK pa##c.pw
- DNS ASK pi##odes.pw