Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinLogon' = '"%TEMP%\winlogon.com" -autorun'
- firefox.exe
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe;.com;.scr'
- %TEMP%\winconfigtemp
- %TEMP%\winlogon.com
- C:\1024.js
- %TEMP%\systemfile.txt
- <DRIVERS>\etc\hosts
- http://www.bu##sys.net/includes/add.php
- http://bu##sys.net/includes/add.php
- DNS ASK tr###ozica.com
- DNS ASK bu##sys.net