Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avg' = 'C:\Arquivos de programas\avg.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'C:\Arquivos de programas\Windows Media Player\ .exe'
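- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'helpwin' (параметр BootExecute задаёт программы, которые диспетчер сеансов запускает на раннем этапе загрузки, до входа пользователя в систему)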
- Центр обеспечения безопасности (Security Center), служба wscsvc
- %WINDIR%\Help2k\helpwin.exe
- %WINDIR%\Help2k\helpwin.RRI
- 'mi####.iespana.es':80
- http://mi####.iespana.es/la.php
- DNS ASK mi####.iespana.es
- ClassName: '' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''
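- '<SYSTEM32>\reg.exe' ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "BootExecute" /d helpwin /t "REG_MULTI_SZ" /f (ключ /f перезаписывает параметр без запроса подтверждения; после выполнения команды в BootExecute остаётся только 'helpwin', штатная запись 'autocheck autochk *' теряется, и при лечении системы её нужно восстановить, а не просто удалить параметр)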
- '<SYSTEM32>\sc.exe' stop Alerter
- '<SYSTEM32>\sc.exe' config Alerter start= disabled
- '<SYSTEM32>\sc.exe' stop wscsvc
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled