Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'schost' = '<SYSTEM32>\schost.exe'
- <SYSTEM32>\schost.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\DelMe.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tj[1].asp
- <SYSTEM32>\DelMe.bat
- <SYSTEM32>\schost.exe
- 'tz.###odeqian.cn':80
- 'localhost':1036
- tz.###odeqian.cn/tj.asp?,0##############################################
- DNS ASK tz.###odeqian.cn