Техническая информация
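Записи автозапуска в реестре (ключ Run). Имена значений и файлов совпадают с именами системных процессов Windows, однако штатные services.exe, smss.exe и lsass.exe располагаются в %WINDIR%\System32, а не непосредственно в %WINDIR%:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'smss' = '%WINDIR%\smss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lsass' = '%WINDIR%\lsass.exe'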
Файлы, связанные с образцом (в %WINDIR%, в кэше Temporary Internet Files и в %TEMP%):
- %WINDIR%\smss.exe
- %WINDIR%\lsass.exe
- %WINDIR%\Hit.exe
- %WINDIR%\services.exe
- %WINDIR%\smss.$$A
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\users[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\botnet[1].txt
- %WINDIR%\services.$$A
- %WINDIR%\lsass.$$A
- %WINDIR%\Hit.$$A
- %WINDIR%\MSWINSCK.$$A
- %WINDIR%\MSINET.$$A
- %TEMP%\~DF6C78.tmp
Сетевые соединения (узел и порт):
- 'www.ze###ool.com':80
- 'ka###risi.net':80
- 'localhost':1036
- 'localhost':1037
Запрашиваемые сетевые ресурсы (символами # в описании скрыта часть имён и параметров):
- ka###risi.net/rant.txt
- www.ze###ool.com/botnet.txt
- www.ze###ool.com/users.php?ty####
- DNS ASK ka###risi.net
- DNS ASK www.ze###ool.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'InstItClass' WindowName: ''