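Техническая информация
Заголовки подразделов в этом списке не сохранились. По содержанию строки идут в таком порядке: запись в реестре, запускаемые процессы и команды, файлы, сетевая активность. Какое действие выполнялось с файлами (создание, изменение или удаление), из текста не видно; часть имён повторяется, так что список, вероятно, объединяет несколько подразделов. Символы #### — по всей видимости, маска, скрывающая часть имени домена и значение параметра.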
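- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}' = 'DDE Control Module' (ветка SharedTaskScheduler — точка автозагрузки: COM-объекты с перечисленными в ней CLSID загружает оболочка Explorer)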
- <SYSTEM32>\msbar.exe
- <SYSTEM32>\msbar.exe (загружен из сети Интернет)
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\mshelper.dll
- <SYSTEM32>\rundll32.exe <SYSTEM32>\mtwirl.dll,load
- <SYSTEM32>\wecxg32.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\asd3[1].dll
- <SYSTEM32>\zxmsn.dll
- <SYSTEM32>\cidpoq32.dll
- <SYSTEM32>\gupd.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cnt[1].php
- <Текущая директория>\y
- <SYSTEM32>\msbar.exe
- <SYSTEM32>\mshelper.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\tbar[1].exe
- <SYSTEM32>\cidft.dll
- <SYSTEM32>\mtjpgh.dll
- <SYSTEM32>\mtjpgb.dll
- <SYSTEM32>\mtwirl.dll
- <SYSTEM32>\mtwcnl32.dll
- <SYSTEM32>\nthst32.dll
- <SYSTEM32>\xcwer32.dll
- <SYSTEM32>\sdfup.dll
- <SYSTEM32>\icvbr.dll
- <SYSTEM32>\icnfe.dll
- <SYSTEM32>\icqrt.dll
- 'ha####new-year.biz':80
- 'localhost':1035
- ha####new-year.biz/cnt.php?u=####
- ha####new-year.biz/tbar.exe
- ha####new-year.biz/asd3.dll
- DNS ASK ha####new-year.biz