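Техническая информация
Примечание: символы «#» в именах узлов ниже, по-видимому, заменяют скрытые символы, поэтому такие записи нельзя использовать как точные индикаторы без сверки с другими источниками. Заголовки разделов в этом фрагменте отсутствуют, поэтому повторяющиеся пути к файлам, вероятно, относятся к разным разделам отчёта.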
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '%TEMP%\2.exe' = '%TEMP%\2.exe'
- %TEMP%\13670.exe
- %WINDIR%\cnt.exe 13670
- %TEMP%\1.exe
- %TEMP%\2.exe
- %WINDIR%\cnt.exe (загружен из сети Интернет)
- <SYSTEM32>\nvwrseng32.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\downurl[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\51.ac[1]
- %WINDIR%\cnt.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\13670[1].exe
- <SYSTEM32>\wbem\SysOption.bin
- %TEMP%\1.exe
- %TEMP%\nsa2.tmp
- %TEMP%\2.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\IEHelper\IEHelper_5045.dll
- %TEMP%\13670.exe
- %TEMP%\2.exe
- %TEMP%\13670.exe
- <SYSTEM32>\nvwrseng32.dll
- %TEMP%\1.exe
- 'localhost':1040
- 'www.51.#c.cn':80
- 'do##.51.ac.cn':80
- 'localhost':1036
- 'up###.j7y.net':80
- 'localhost':1039
- do##.51.ac.cn/13670.exe
- www.51.#c.cn/
- up###.j7y.net/upcfg/downurl.txt
- DNS ASK do##.51.ac.cn
- DNS ASK www.51.#c.cn
- DNS ASK up###.j7y.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''