Техническая информация
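Для автозапуска создаёт в ветках Run параметр 'winhost', указывающий на <SYSTEM32>\svichost.exe (имя файла похоже на системный svchost.exe, но отличается лишней буквой «i»):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winhost' = '<SYSTEM32>\svichost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winhost' = '<SYSTEM32>\svichost.exe'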
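Добавляет свой файл в список разрешённых приложений брандмауэра Windows (StandardProfile) под названием 'Windows host':
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\svichost.exe' = '<SYSTEM32>\svichost.exe:*:Enabled:Windows host'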
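Командные строки процессов (судя по формату, запускаются образцом; вторая принудительно завершает процесс svichost.exe):
- <SYSTEM32>\svichost.exe
- <SYSTEM32>\taskkill.exe /IM svichost.exe /F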
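Файловые индикаторы (часть путей ниже повторяется — видимо, списки относились к разным разделам отчёта, заголовки которых не сохранились):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server[1].txt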
- <SYSTEM32>\LIST_-1998166001_CRNJEUFU.txt
- <SYSTEM32>\base.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- <SYSTEM32>\svichost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server[1].txt
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
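Сетевая активность (символы #### в имени узла — маскировка в источнике; запрашиваемый server.txt, по-видимому, соответствует файлу server[1].txt в кэше Temporary Internet Files):
- 'wi####vice.x10.bz':80
- wi####vice.x10.bz/server.txt
- DNS ASK wi####vice.x10.bz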
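Окна, к которым обращается образец (по-видимому, поиск по имени класса и заголовку; Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''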