Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\WindowsUpdater.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\WindowsUpdater.lnk
- <SYSTEM32>\xcopy.exe "%HOMEPATH%\Start Menu\Programs\Startup\WindowsUpdater.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\webmall[2].php
- %WINDIR%\Temp\MZђ.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\webmall[1].php
- 'n0##4u.com':80
- n0##4u.com/webmall.php?cd#############################
- n0##4u.com/webmall/CRNJEUFU/MZ?
- n0##4u.com/webmall.php?cd############################
- DNS ASK n0##4u.com
- '<IP-адрес в локальной сети>':1035