Техническая информация
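- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe, %APPDATA%/Microsoft/Internet Explorer/iexplore.exe' — в штатной конфигурации этот параметр содержит только Explorer.exe; любой дописанный через запятую путь запускается при входе пользователя в систему, поэтому значение стоит контролировать на изменения.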
- %HOMEPATH%\Start Menu\Programs\Startup\avp.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\MicrosoftPlus] 'Start' = '00000002' — значение 2 соответствует автоматическому запуску службы при загрузке системы.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' — значение 0 отключает брандмауэр Windows для стандартного профиля.
- <SYSTEM32>\rout.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i "<SYSTEM32>/Restore/lsass.exe"
- <SYSTEM32>\net1.exe start microsoftplus
- <Текущая директория>\InstallUtil.InstallLog
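- <SYSTEM32>\Restore\lsass.exe — легитимный lsass.exe расположен непосредственно в <SYSTEM32>; одноимённый файл в подкаталоге Restore указывает на маскировку под системный процесс.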
- <SYSTEM32>\Restore\lsass.InstallState
- <SYSTEM32>\Restore\lsass.InstallLog
- %APPDATA%\TempPath\Iocontrol.exe
- <LS_APPDATA>\2bLauncher.exe
- <SYSTEM32>\ocrlist.dft
- <SYSTEM32>\rout.exe
- %APPDATA%\JustFlash.exe
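- 'xa##.3dn.ru':21 — порт 21 стандартно используется протоколом FTP; символы «#» в именах узлов здесь и ниже, по-видимому, внесены автором описания для маскировки и не являются частью реального имени, поэтому использовать эти строки как индикаторы в буквальном виде нельзя.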
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK xa##.3dn.ru
- DNS ASK wp#d