Техническая информация
Значения автозапуска в реестре (ключи Run и RunServices):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Richgirl' = 'vagqsqs.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Richgirl' = 'vagqsqs.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qgqqft' = 'C:\WINNT\SYSTEM32\baska.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Richgirl' = 'vagqsqs.exe'
- <SYSTEM32>\vagqsqs.exe
- C:\WINNT\SYSTEM32\baska.exe
- C:\WINNT\SYSTEM32\basak.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\b[1].php
- C:\systemile
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\b[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\b[1].php
- C:\WINNT\SYSTEM32\basak.exe
- C:\WINNT\SYSTEM32\baska.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].php
- <SYSTEM32>\vagqsqs.exe
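Сетевые узлы и порты (символы «#» в именах и адресах, по-видимому, скрывают часть значения, поэтому эти индикаторы неполные и не годятся для точного сопоставления):
- 'mn##geq.nu':80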
- 'cv####cxf.mine.nu':80
- 'un####3.marde.info':8000
- 'localhost':1035
- '69.##.235.227':80
- 'fb####.dynalias.net':80
- mn##geq.nu/b.php?19###
- cv####cxf.mine.nu/b.php?19###
- 69.##.235.227/b.php?19###
- fb####.dynalias.net/b.php?19###
- DNS ASK cv####cxf.mine.nu
- DNS ASK un####3.marde.info
- DNS ASK fb####.dynalias.net
- DNS ASK mn##geq.nu
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''