Техническая информация
- '' (загружен из сети Интернет)
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://go.##clasrv.com/afu.php?id########
- %ProgramFiles%\adwizz\adwizz.exe
- %TEMP%\csrvec\csrvec.exe
- %TEMP%\csrvec\BOSD.exe
- '18#.#0.133.109':445
- '18#.#0.133.109':1433
- 'go.##clasrv.com':80
- 'localhost':1059
- 'hi####novation.com':80
- 'wp#d':80
- 'fr###eoip.net':80
- 'ip##fo.io':80
- http://ip##fo.io/ip
- http://fr###eoip.net/xml
- http://go.##clasrv.com/afu.php?id########
- http://hi####novation.com/Extra/Downloads/adwizz.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- http://hi####novation.com/Extra/Downloads/BOSD.exe
- http://hi####novation.com/Extra/Downloads/csrvec.exe
- DNS ASK fr###eoip.net
- DNS ASK go.##clasrv.com
- DNS ASK ip##fo.io
- DNS ASK wp#d
- DNS ASK hi####novation.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- '%TEMP%\csrvec\BOSD.exe'
- '%ProgramFiles%\adwizz\adwizz.exe'
- '<SYSTEM32>\sc.exe' config "csrvec" type= interact type= own
- '<SYSTEM32>\sc.exe' failure "csrvec" reset= 0 actions= restart/60000
- '<SYSTEM32>\sc.exe' config "csrvec" start=auto