Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,Ir32_a.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\Ir32_a.exe
- 'ww###.#alumalu2008.com':80
- ww###.#alumalu2008.com/www32/www32.bmp
- ww###.#alumalu2008.com/www32/www32.jpg
- ww###.#alumalu2008.com/www32/www32.gif
- DNS ASK www.ch##a.com
- DNS ASK ww###.#alumalu2008.com
- DNS ASK th###.threewan.com