Техническая информация
- Запись автозапуска в реестре (ключ Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FacebookUpdate' = '%TEMP%\fbupdate.exe'
- %TEMP%\fbupdate.exe
- <SYSTEM32>\fsutil.exe file createnew "%TEMP%\thunb.db" 666"
- <SYSTEM32>\reg.exe export HKU %TEMP%\~x
- <SYSTEM32>\find.exe "Device"
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v "FacebookUpdate" /t REG_SZ /d "%TEMP%\fbupdate.exe" /f
- <SYSTEM32>\getmac.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ok[1].php
- %TEMP%\~x
- %TEMP%\fbupdate.exe
- %TEMP%\2488NC6V.bat
- %TEMP%\2488NC6V.bat
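- 'po#.###id-confirm.com':80 (символы «#» недопустимы в имени узла и, по-видимому, маскируют часть домена, поэтому значение не подходит для точного сопоставления)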
- 'localhost':1035
- po#.###id-confirm.com/ok.php?a=#######################################
- DNS-запрос (DNS ASK): po#.###id-confirm.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''