Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinTouch' = '%PROGRAM_FILES%\WinTouch\WinTouch.exe'
- %PROGRAM_FILES%\WinTouch\WinTouch.exe /install
- %WINDIR%\caktxrbt.exe
- %PROGRAM_FILES%\InetGet2\WinTouchInstaller.exe
- %PROGRAM_FILES%\WinTouch\WinTouch.exe (downloaded from the Internet)
- %WINDIR%\caktxrbt.exe (downloaded from the Internet)
- %TEMP%\WinTouch.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\upd[1].php
- %PROGRAM_FILES%\WinTouch\WTUninstaller.exe
- %PROGRAM_FILES%\WinTouch\WinTouch.exe
- %WINDIR%\caktxrbt.exe
- %TEMP%\caktxrbt.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\upd[1].php
- %TEMP%\WTUninstaller.exe
- %PROGRAM_FILES%\InetGet2\WinTouchInstaller.exe
- %TEMP%\nss3.tmp\System.dll
- %TEMP%\nsc2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\upd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\upd[1].php
- %PROGRAM_FILES%\WinTouch\wintouch.cfg
- %TEMP%\wintouch.cfg
- %TEMP%\WinTouch.exe
- %TEMP%\caktxrbt.exe
- %TEMP%\wintouch.cfg
- %TEMP%\WTUninstaller.exe
- 'www.wi###ouch.com':80
- www.wi###ouch.com/upd.php?wt####################################################################################################
- www.wi###ouch.com/upd.php?wt####################################
- DNS ASK www.wi###ouch.com