Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ' ' = '%WINDIR%\system\serv.exe'
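- [<HKLM>\SYSTEM\ControlSet002\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
  (значение в этих двух записях показано пустым, по-видимому, из-за особенностей вывода многострочного параметра; фактически записываемые данные видны в командах reg.exe ниже)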
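- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet002\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *\0BLc" /f
  (в этой и аналогичных командах ниже «\0» — разделитель строк REG_MULTI_SZ: к стандартному значению BootExecute «autocheck autochk *» добавляется вторая строка «BLc», которая, по-видимому, соответствует файлу <SYSTEM32>\BLc.exe из списка ниже. Программы из BootExecute запускаются диспетчером сеансов при загрузке системы, поэтому при проверке стоит сравнить это значение со стандартным во всех наборах ControlSet)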
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *\0BLc" /f
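- <SYSTEM32>\netsh.exe firewall add allowedprogram program=%windir%\system\serv.exe name=msmq mode=enable scope=all profile=all
  (команда добавляет serv.exe в список разрешённых программ брандмауэра Windows для всех профилей и любых адресов; имя исключения «msmq» совпадает с сокращённым названием службы Message Queuing и может выглядеть как системное, поэтому стоит проверять, на какой файл указывает исключение)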
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet001\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *\0BLc" /f
- <SYSTEM32>\BLc.exe
- %WINDIR%\system\serv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\autoexec[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\kill[1].txt
- 'xi##.#oolpage.biz':80
- 'as###sino.nm.ru':80
- 'localhost':1035
- as###sino.nm.ru/kill.txt
- as###sino.nm.ru/autoexec.txt
- xi##.#oolpage.biz/count.php
- DNS ASK xi##.#oolpage.biz
- DNS ASK as###sino.nm.ru
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'