Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\BingServe_2003] 'Start' = '00000002'
- <SYSTEM32>\SVCH0ST.EXE -NetSata
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\Deleteme.bat
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- <SYSTEM32>\Deleteme.bat
- %TEMP%\26D488F2.TMP
- <SYSTEM32>\SVCH0ST.EXE
- <SYSTEM32>\SVCH0ST.EXE
- '20#.#8.205.150':808
- DNS ASK www.16#.com
- ClassName: 'MS_WINHELP' WindowName: ''