Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WdslManager' = '%WINDIR%\Temp\wd32kg.exe'
- '%TEMP%\sysprintx.exe'
- '%TEMP%\scrnsave.exe' /S /adv 1738
- '%TEMP%\wd32kg.exe'
- '' (загружен из сети Интернет)
- %TEMP%\wd32kg.exe
- %TEMP%\sysprintx.exe
- %TEMP%\scrnsave.exe
- %TEMP%\wdsl6.xml
- %TEMP%\msint12.sys
- %TEMP%\gdsl34.bmp
- %TEMP%\rdpcli2.scr
- %TEMP%\nsj2.tmp\System.dll
- %TEMP%\nsj2.tmp\inetc.dll
- %TEMP%\nsj2.tmp\blowfish.dll
- 'qt##k.info':80
- 'ci##u.gdn':80
- http://qt##k.info/gp/geoip.php
- http://ci##u.gdn/prv.php
- http://ci##u.gdn/ppt.php
- DNS ASK qt##k.info
- DNS ASK ci##u.gdn