Техническая информация
Записи автозапуска в реестре (имя параметра 'Windows Update' имитирует системный компонент):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\Update.exe /'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\Update.exe /'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\Update.exe /'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\Update.exe /'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '<SYSTEM32>\Update.exe /'
Запуск процесса (командная строка):
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://67.##.83.250/~splinter/Application_Logs/Troj.php
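Файлы в системных каталогах (заголовки операций при извлечении текста утрачены; повтор списка Update.exe, вероятно, относится к разным операциям):
- %WINDIR%\system\Cur.cur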
- %WINDIR%\Update.exe
- %WINDIR%\system\Update.exe
- <SYSTEM32>\Update.exe
- %WINDIR%\Update.exe
- %WINDIR%\system\Update.exe
- <SYSTEM32>\Update.exe
Сетевые подключения (хост и порт; часть IP-адреса скрыта символами ##):
- 'localhost':1037
- '67.##.83.250':80
Запрошенный по HTTP адрес:
- http://67.##.83.250/~splinter/Application_Logs/Troj.php
Окна, которые, по-видимому, ищет образец (имя класса и заголовок):
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''