Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'huqtulmytfib' = '<LS_APPDATA>\WinUltraAv.exe'
- <LS_APPDATA>\WinUltraAv.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\locksteps[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\taronjax[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\vipcines[1].htm
- <LS_APPDATA>\WinUltraAv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gertnor[1].htm
- 'lo###teps.in':80
- 'ta###jax.biz':80
- 'ge##nor.kz':80
- 'vi###nes.com':80
- DNS ASK lo###teps.in
- DNS ASK ta###jax.biz
- DNS ASK ge##nor.kz
- DNS ASK vi###nes.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''