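Техническая информация
Примечание: заголовки подразделов в этом списке, по-видимому, не сохранились, поэтому роль отдельных записей (создание, запуск или удаление файла, тип сетевого обращения) по самому списку однозначно не определяется. Имена доменов и параметры запросов частично скрыты символами «#» и для точного сопоставления в правилах обнаружения непригодны; опираться можно на видимые части: путь /image/gate.php, зону .cz.cc, параметр 'ntos.exe' в ключе Run и файлы %APPDATA%\ntos.exe и %APPDATA%\del.bat.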
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ntos.exe' = '%APPDATA%\ntos.exe'
- <SYSTEM32>\cmd.exe /c "%APPDATA%\del.bat "
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].php
- %APPDATA%\del.bat
- %APPDATA%\ntos.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].php
- 'my####yfriend.cz.cc':80
- 'fo####help.cz.cc':80
- 'df####sdfdff.cz.cc':80
- 'mi####othere.cz.cc':80
- 'qw####sdfsd.cz.cc':80
- my####yfriend.cz.cc/image/gate.php?ge###################
- fo####help.cz.cc/image/gate.php?ge###################
- df####sdfdff.cz.cc/image/gate.php?ge###################
- mi####othere.cz.cc/image/gate.php?ge###################
- qw####sdfsd.cz.cc/image/gate.php?ge###################
- DNS ASK df####sdfdff.cz.cc
- DNS ASK my####yfriend.cz.cc
- DNS ASK fo####help.cz.cc
- DNS ASK mi####othere.cz.cc
- DNS ASK qw####sdfsd.cz.cc
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Indicator' WindowName: ''