Техническая информация
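Записи автозапуска в реестре (значения ключа Run в HKLM выполняются при входе в систему любого пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'serven pack 3' = '%WINDIR%\config\ctfmon.exe'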
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ant Virus 2010 atualizacao' = '%WINDIR%\config\cssrss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msn 8.5' = '%WINDIR%\config\svchost.exe'
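Файлы и пути (имена имитируют системные процессы Windows: ctfmon.exe и svchost.exe штатно находятся в %WINDIR%\System32, а «cssrss.exe» и «iexplorer.exe» похожи на csrss.exe и iexplore.exe; каталог %WINDIR%\Config для них нетипичен):
- %WINDIR%\Config\svchost.exe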
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\svchost[1].txt
- %WINDIR%\Config\ctfmon.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ctfmon[1].txt
- %WINDIR%\Config\iexplorer.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\iexplore[1].txt
- %WINDIR%\Config\cssrss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cssrss[1].txt
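Сетевая активность (часть доменного имени скрыта в источнике символами ####, поэтому для точного сопоставления индикатор в таком виде непригоден):
- 'la####occo.adv.br':80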
- 'localhost':1035
- la####occo.adv.br/images/svchost.txt
- la####occo.adv.br/images/ctfmon.txt
- la####occo.adv.br/images/iexplore.txt
- la####occo.adv.br/images/cssrss.txt
- DNS ASK la####occo.adv.br
- '<IP-адрес в локальной сети>':1036