Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\intel.dll'
- %TEMP%\svohost.exe
- <SYSTEM32>\ipconfig.exe /flushdns
- <SYSTEM32>\attrib.exe -R -H <DRIVERS>\etc\hosts
- <SYSTEM32>\A.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ghost[1].ini
- %TEMP%\gh0st.var
- %TEMP%\ini.var
- %TEMP%\hi-jack.res
- %TEMP%\svohost.exe
- <SYSTEM32>\intel.dll
- <DRIVERS>\etc\hosts
- 'gh#.#1dwn.com':80
- 'localhost':1038
- 'bk.##nssion.com':80
- gh#.#1dwn.com/ghost.ini
- bk.##nssion.com/count.asp?ma###################
- DNS ASK gh#.#1dwn.com
- DNS ASK bk.##nssion.com