Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ShareAcces] 'Start' = '00000002'
- %HOMEPATH%\kill.exe
- %CommonProgramFiles%\MasCom\UpdatesWuauservsa.exe
- C:\setups214.exe
- C:\Server.exe
- %HOMEPATH%\kill.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\kill[1].exe
- %HOMEPATH%\ctfmon.exe
- %HOMEPATH%\kill.exe
- %HOMEPATH%\kill.dll
- C:\Server.exe
- C:\setups214.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\webserver[1].exe
- %CommonProgramFiles%\MasCom\UpdatesWuauservsa.exe
- 'www.sc##yy.com':80
- 'localhost':1036
- www.sc##yy.com/images/index_bn/kill.exe
- www.sc##yy.com/images/index_bn/webserver.exe
- DNS ASK cj####.ghostcn.com
- DNS ASK www.sc##yy.com
- 'cj####.ghostcn.com':10500