Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'InetChk' = '%TEMP%\ms1350024906.exe work'
- %TEMP%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\go1st[1].cgi
- %TEMP%\uninst0040df6.bat
- %TEMP%\uninst003a643.bat
- %TEMP%\ms1350024906.exe
- %TEMP%\svchost.exe
- %TEMP%\svchost.exe
- 'ca###indnow.net':80
- ca###indnow.net/cgi-bin/go1st.cgi
- ca###indnow.net/myip.php
- DNS ASK ca###indnow.net
- ClassName: 'Indicator' WindowName: ''