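Техническая информация

Примечание: подзаголовки разделов в этом списке не сохранились. По содержанию строки делятся так: сначала записи автозапуска в реестре (ключи Run, Policies\Explorer\Run и Active Setup StubPath), затем пути в файловой системе, затем сетевая активность и в конце пути к исполняемым файлам. Какая операция (создание, изменение атрибутов, удаление, запуск) относится к каждой повторяющейся группе путей, по этому тексту установить нельзя. Символы «##» в именах хостов, по-видимому, скрывают часть имени, поэтому эти строки не годятся как индикаторы для точного совпадения. Пути <SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe и %WINDIR%\syswow64\msnmessangerhelp\msnhelpconfig.exe, вероятно, указывают на один и тот же файл: для 32-разрядного процесса в 64-разрядной Windows обращения к System32 перенаправляются в SysWOW64.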
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6J6H878Q-NKO4-2BG4-15N7-7406RRH12K20}] 'StubPath' = '<SYSTEM32>\MSNMessangerhelp\msnhelpconfig.exe Restart'
- %APPDATA%\microsoft\windows\templates\wztwaokuhhhiqdf.exe.exe
- %WINDIR%\syswow64\msnmessangerhelp\msnhelpconfig.exe
- %TEMP%\user2.txt
- %APPDATA%\userlog.dat
- %TEMP%\user7
- %TEMP%\user8
- <SYSTEM32>\gtsjnqhgvoygidg.exe
- %WINDIR%\syswow64\msnmessangerhelp\msnhelpconfig.exe
- %APPDATA%\userlog.dat
- <SYSTEM32>\gtsjnqhgvoygidg.exe
- %TEMP%\user2.txt
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- 'se##er.com':80
- http://h1.##pway.com/unusable80/FUD4.2.exe
- DNS ASK se##er.com
- DNS ASK h1.##pway.com
- '%APPDATA%\microsoft\windows\templates\wztwaokuhhhiqdf.exe.exe'
- '%WINDIR%\syswow64\msnmessangerhelp\msnhelpconfig.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'