Техническая информация
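- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%WINDIR%\sysloader32v.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'resfixmsi' = '%WINDIR%\resfix32v.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
Примечание: первые две записи обеспечивают автозапуск. Библиотека, указанная в 'AppInit_DLLs', загружается в каждый процесс, использующий user32.dll (если механизм включён параметром LoadAppInit_DLLs); на чистой системе это значение обычно пусто. Значение в ключе Run запускает resfix32v.exe при входе пользователя в систему. 'Start' = 2 означает автоматический запуск службы BITS.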
- %WINDIR%\resfix32v.exe
- <SYSTEM32>\cmd.exe /c remove.bat
- %WINDIR%\sysloader32v.dll
- %WINDIR%\BIT1.tmp
- %WINDIR%\resfix32v.exe
- %WINDIR%\sysfixmsi.exe
- <Текущая директория>\remove.bat
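- %WINDIR%\sysfixmsi.exe
Примечание: в этом фрагменте отсутствуют подзаголовки, поэтому повторяющиеся пути (resfix32v.exe, sysfixmsi.exe), вероятно, относятся к разным действиям (запуск, создание, удаление файла); по самому списку однозначно определить это нельзя.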
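- 'fu####n.funpic.org':80
- 'localhost':1037
- 'wp#d':80
- fu####n.funpic.org/cutekitten8321.jpg
- wp#d/wpad.dat
- DNS ASK fu####n.funpic.org
- DNS ASK wp#d
Примечание: обращения к 'wp#d' и wp#d/wpad.dat соответствуют автоматическому обнаружению прокси (WPAD). Как правило, их порождает системный сетевой механизм, поэтому как индикатор заражения они ненадёжны. 'localhost':1037 — локальное соединение. Для обнаружения значимы DNS-запрос и HTTP-обращение к fu####n.funpic.org (имя узла на странице частично скрыто), включая запрос cutekitten8321.jpg; расширение .jpg не гарантирует, что загружаемое содержимое является изображением.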