Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WdefService] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\WdefService] 'ImagePath' = '%ProgramFiles%\Java\wdefender.exe'
- %TEMP%\0x00temp.exe
- %TEMP%\0xSTempWU.exe
- %TEMP%\startx.bat
- %ProgramFiles%\Java\usernet.exe
- %ProgramFiles%\Java\wdefender.exe
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\WmiSecSrv32[1].exe
- %ProgramFiles%\Java\WmiSecSrv.exe
- 'co###iles.tk':80
- http://www.co###iles.tk/WmiSecSrv32.exe via co###iles.tk
- DNS ASK www.co###iles.tk
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\0xSTempWU.exe'
- '%TEMP%\0x00temp.exe'
- '%ProgramFiles%\Java\wdefender.exe' /install /silent
- '%ProgramFiles%\Java\wdefender.exe'
- '%ProgramFiles%\Java\usernet.exe'
- '<SYSTEM32>\cmd.exe' /c startx.bat
- '<SYSTEM32>\net.exe' start WdefService
- '<SYSTEM32>\net1.exe' start WdefService