Техническая информация
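- Автозапуск через реестр (значение запускается при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,,<LS_APPDATA>\Dll.exe'
- Автозапуск через папку автозагрузки: %HOMEPATH%\Start Menu\Programs\Startup\Face.exe
- Автозапуск через папку автозагрузки: %HOMEPATH%\Start Menu\Programs\Startup\update.exe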
- %TEMP%\Face.exe
- <LS_APPDATA>\Dll.exe
- %TEMP%\update.exe
- %TEMP%\Setup.exe
- %APPDATA%\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\dya.dat
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\updates.dat
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\app.dat
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPKH6V9XBN63RFPT9L0BF5AVJKVFSPF7VBCVP4GF
- <LS_APPDATA>\Images\%USERNAME%\24-09-2012\22-41-30
- <LS_APPDATA>\Dll.exe
- %ALLUSERSPROFILE%\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPKH6V9XBN63RFPT9L0BF5AVJKVFSPF7VBCVP4GF
- %TEMP%\$inst\15.tmp
- %TEMP%\aut2.tmp
- %TEMP%\update.exe
- %TEMP%\aut1.tmp
- %TEMP%\Setup.exe
- %TEMP%\$inst\17.tmp
- %TEMP%\Face.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- Сетевой адрес и порт: 'la#####s2010.myftp.biz':6666
- DNS ASK (DNS-запрос): la#####s2010.myftp.biz
- Окно (класс панели задач Windows): ClassName: 'Shell_TrayWnd' WindowName: ''