Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Wininit' = '%APPDATA%\WINinit\WINlogon.exe'
- '%APPDATA%\wininit\winlogon.exe'
- %APPDATA%\wininit\orsnet
- %APPDATA%\explorer\idf.dat
- %APPDATA%\wininit\orsnet в %APPDATA%\wininit\winlogon.exe
- '95.##5.60.53':80
- http://www.ya##o.com/
- DNS ASK ya##o.com
- DNS ASK microsoft.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%ProgramFiles%\internet explorer\iexplore.exe' -Embedding