Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Packet Sender] 'Start' = '00000002'
- %APPDATA%\Userinit.exe srv
- <SYSTEM32>\netsh.exe firewall add allowedprogram %APPDATA%\Userinit.exe "Windows Update Viewer" ENABLE
- %WINDIR%\Temp\u123234
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\doit[1].php
- %APPDATA%\Userinit.exe
- 'no##eka.cn':80
- 'localhost':1035
- no##eka.cn/404/doit.php?v=################################
- DNS ASK no##eka.cn