Техническая информация
Записи автозапуска в реестре (ключ Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'LiveMessenge' = '%PROGRAM_FILES%\sunsystens\msnmsgc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'LiveMessenger' = '%PROGRAM_FILES%\sunsystens\live.exe'
- %TEMP%\msnmsgc.exe
- %PROGRAM_FILES%\sunsystens\msnmsgc.exe
- %PROGRAM_FILES%\sunsystens\live.exe
Командные строки regsvr32 (регистрация DLL; ключ /s подавляет диалоговые окна):
- <SYSTEM32>\regsvr32.exe "%PROGRAM_FILES%\sunsystens\LTGET2.dll" /s
- <SYSTEM32>\regsvr32.exe "%PROGRAM_FILES%\sunsystens\BTGET2.dll" /s
- msnmsgr.exe
- %PROGRAM_FILES%\sunsystens\LTGET2.dll
- %PROGRAM_FILES%\sunsystens\BTGET2.dll
- %PROGRAM_FILES%\sunsystens\live.exe
- %TEMP%\msnmsgc.exe
- %PROGRAM_FILES%\sunsystens\msnmsgc.exe
- %TEMP%\BGETMSN.dll
- %TEMP%\tube.x
- %TEMP%\LGETMSN.dll
- %TEMP%\MGETMSN.exe
- %TEMP%\live.exe
- %TEMP%\live.exe
- %TEMP%\MGETMSN.exe
- %TEMP%\BGETMSN.dll
- %TEMP%\LGETMSN.dll
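Сетевые узлы и порты (символы «#», по-видимому, маскируют часть адреса в отчёте, поэтому значения не годятся для точного сопоставления):
- '67.##5.160.76':80
- 'ws########a.hospedagem-de-site.info':80
- 'to######ine.heliohost.org':80
- 'www.ws###rencia.com':80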
URL-адреса на перечисленных узлах (метод запроса в отчёте не указан):
- ws########a.hospedagem-de-site.info/imagens/mensagens.txt
- to######ine.heliohost.org/msn.jpg
- www.ws###rencia.com/action.php
- to######ine.heliohost.org/acesso/acesso.php
- DNS ASK www.ya##o.com
- DNS ASK ws########a.hospedagem-de-site.info
- DNS ASK to######ine.heliohost.org
- DNS ASK www.ws###rencia.com
Классы окон, перечисленные в отчёте (имя окна пустое):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''