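Техническая информация
Записи Image File Execution Options ниже задают параметр «Debugger»: при запуске указанного исполняемого файла Windows вместо него запускает svchost.exe, поэтому перечисленные процессы штатно не стартуют (судя по именам V3L* и *.aye, это, вероятно, компоненты антивирусов AhnLab V3 Lite и ALYac). Для обнаружения стоит отслеживать появление параметра Debugger в этой ветке реестра, для восстановления — удалить добавленные параметры.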
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgsvc.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LTray.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LSvc.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYUpdate.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYAgent.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYServiceNt.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ALYac.aye] 'Debugger' = 'svchost.exe'
- <SYSTEM32>\down.txt
- <SYSTEM32>\systemInfomations.ini
- %TEMP%\DogKiller.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\d[1].txt
- %TEMP%\DogKiller.sys
- '21#.#3.121.170':80
- 'localhost':1037
- '21#.##.121.1clcount':80
- 21#.#3.121.170/d.txt
- 21#.##.121.1clcount/count.asp?ma#############################
- DNS ASK 21#.##.121.1clcount