Техническая информация
- Автозапуск (значение в ключе реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'userinit32' = '<SYSTEM32>\userinit32.exe'
- <SYSTEM32>\userinit32.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\Server[1].php
- %WINDIR%\info.txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\Server[1].php
- <SYSTEM32>\userinit32.exe
- Сетевое подключение (хост:порт): 'ni####ro.myplus.org':80
- HTTP-запрос: http://ni####ro.myplus.org/Server.php
- DNS ASK ni####ro.myplus.org
- '<SYSTEM32>\userinit32.exe' 0