Техническая информация
Запись автозапуска в реестре (ключ Run):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
Ключи реестра почтовых клиентов и мессенджеров:
- [<HKCU>\Software\RIT\The Bat!\]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Identities\{91255D00-95D9-49F5-8E84-7C027F5283B7}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Identities\{91255D00-95D9-49F5-8E84-7C027F5283B7}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Microsoft\Windows Live Mail]
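Файлы и пути в файловой системе (заголовки подразделов в тексте отсутствуют; часть путей перечислена повторно):
- %APPDATA%\thunderbird\profiles.ini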
- %TEMP%\10da.exe
- %TEMP%\2d0e.exe
- %TEMP%\iepv_sites.txt
- <SYSTEM32>\qtplugin.exe
- %TEMP%\10da.exe
- %TEMP%\2d0e.exe
- %TEMP%\iepv_sites.txt
Сетевые адреса и порт (часть цифр в адресах заменена символом «#»):
- '89.##9.242.149':80
- '21#.#0.115.169':80
Командные строки запуска:
- '%TEMP%\10da.exe' /stab "%TEMP%\10DA.tmp"
- '%TEMP%\2d0e.exe' /stab "%TEMP%\2D0E.tmp" /no_pass_cred