Техническая информация
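- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON' = '%WINDIR%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Google Update' = '%WINDIR%\Update.exe'
  (Обе записи — параметры автозапуска в ветке Run текущего пользователя. Имена параметров и файлов имитируют легитимные компоненты, однако штатный svchost.exe располагается в <SYSTEM32>, а не в корне %WINDIR%; несоответствие имени и пути — надёжный признак для обнаружения.)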
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\msiexec.exe /i "%WINDIR%\msupdate.msi" -quiet
- %WINDIR%\msupdate.msi
- %WINDIR%\Update.exe
- %WINDIR%\svchost.exe
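- 'ga####rg.narod2.ru':80
  (Символы «####» в имени узла, по-видимому, замаскированы в самом источнике: полное доменное имя на странице не приведено. Судя по порту 80, обмен идёт по незашифрованному HTTP, поэтому перечисленные ниже пути /news/bot/ можно искать в журналах прокси-сервера и DNS.)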
- ga####rg.narod2.ru/news/bot/msupdate.msi
- ga####rg.narod2.ru/news/bot/Update.exe
- ga####rg.narod2.ru/news/bot/svchost.exe
- DNS ASK ga####rg.narod2.ru
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''