Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '' (параметр автозапуска; значение параметра на странице пустое)
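- %APPDATA%\Windows\svchost.exe (имя совпадает с системным svchost.exe, который штатно находится в %SystemRoot%\System32; файл с таким именем в %APPDATA% — признак маскировки под системный процесс)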
- %APPDATA%\Windows\svchost.exe cmd blancanieves
- %APPDATA%\Windows\svchost.exe (загружен из сети Интернет)
- %APPDATA%\Windows\winupdate.exe
- %TEMP%\update.pdf
- %APPDATA%\Windows\ManagedWifi.dll
- <LS_APPDATA>\Plugins Update\Adobe Reader Plugin\2.0.1.12\log.txt
- %APPDATA%\Windows\svchost.exe
- %APPDATA%\Windows\svchost.exe
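- 'www.se###rblue.biz':80 (символы «#» здесь и ниже, по-видимому, скрывают часть имени в самом источнике; в таком виде строка не является точным индикатором)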
- 'wp#d':80
- www.se###rblue.biz/setupStealth/ManagedWifi.dll
- www.se###rblue.biz/setupStealth/svchost.exe
- www.se###rblue.biz/files/update.pdf
- www.se###rblue.biz/setupStealth/winupdate.exe
- www.se###rblue.biz/poison/webservice.php?eA################################
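- wp#d/wpad.dat (по-видимому, запрос автообнаружения прокси WPAD — обычное поведение Windows, само по себе не указывающее на эту угрозу)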
- www.se###rblue.biz/stealth/webservice.php?eA#################################
- www.se###rblue.biz/poison/webservice.php?eA#############################
- DNS ASK www.se###rblue.biz
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''