Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Follower] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Follower] 'ImagePath' = '<Full path to file>'
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\tds2[1].php
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\tds2[2].php
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\tds2[3].php
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\tds2[4].php
- 'localhost':1038
- 'gi###irect.net':80
- http://gi###irect.net/1/tds2.php
- DNS ASK gi###irect.net
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<Full path to file>' /install /silent
- '<Full path to file>'