Техническая информация
Записи автозапуска в реестре (ключ Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll122' = '%WINDIR%\HI32.EXE IRD11.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll121' = '%WINDIR%\SPOOL11.EXE'
Командные строки запускаемых процессов:
- %WINDIR%\hi32.exe netsvcs11.exe 111.dll
- %WINDIR%\netsvcs11.exe 111.dll
- %WINDIR%\hi32.exe ird11.bat
- %WINDIR%\hi32.exe ftpd11.bat
- %WINDIR%\spool11.exe
- <SYSTEM32>\cmd.exe /c ird11.bat
- %WINDIR%\regedit.exe /s %WINDIR%\auto11.reg
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\first11.bat" "
- <SYSTEM32>\cmd.exe /c ftpd11.bat
Файлы в каталоге %WINDIR%, связанные с образцом:
- %WINDIR%\auto11.reg
- %WINDIR%\111.dll
- %WINDIR%\spool11.exe
- %WINDIR%\mybot.pid
- %WINDIR%\mybot.log
- %WINDIR%\first11.bat
- %WINDIR%\ird11.bat
- %WINDIR%\hi32.exe
- %WINDIR%\ftpd11.bat
- %WINDIR%\spool.ini
- %WINDIR%\netsvcs.dll
- %WINDIR%\netsvcs11.exe
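Сетевые соединения (узел:порт); единственный внешний узел в списке использует порт 6667, стандартный для IRC:
- 'localhost':1055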
- 'localhost':1052
- 'localhost':1050
- 'localhost':1061
- 'localhost':1059
- 'localhost':1057
- 'localhost':1041
- 'localhost':1039
- 'da#####er.allmp3s.net':6667
- 'localhost':1048
- 'localhost':1045
- 'localhost':1043
DNS-запросы:
- DNS ASK da#####er.allmp3s.net
Окна, к которым обращается образец (по-видимому, поиск по имени класса):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''