Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winservice' = '%WINDIR%\winservice.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winservice' = '%WINDIR%\winservice.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Systemwatcher' = '%WINDIR%\csrse.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Systemwatcher' = '%WINDIR%\csrse.exe'
- %WINDIR%\winservice.exe
- %WINDIR%\tinservice.exe
- %WINDIR%\csrse.exe
- %WINDIR%\wins.src
- http://x2#.#trom.com/command.txt
- http://x2#.#trom.com/bot.php?hw##################################################################################
- DNS ASK x2#.#trom.com
- DNS ASK se##.com
- '%WINDIR%\csrse.exe'