Техническая информация
Записи автозапуска в ключе реестра Run:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rfw1973124' = '"c:\rfw1973124.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'downyx' = '"<Полный путь к вирусу>"'
- C:\svchost.exe
- C:\syspcbox.exe
- C:\syspt.exe
- C:\syspcbox.exe (загружен из сети Интернет)
- C:\syspt.exe (загружен из сети Интернет)
- C:\svchost.exe (загружен из сети Интернет)
- C:\syspcbox.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\pcbox[1].dll
- C:\rfw1973124.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\rfw1973124[1].exe
- C:\syspt.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\filept[1].dll
- C:\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\leshi[1].exe
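Сетевые адреса (хост:порт); символы # в именах хостов, по всей видимости, заменяют скрытые символы:
- 'rs######ad.rising.com.cn':80
- 'qq####.#kweb4.fstserver.com':80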
- qq####.#kweb4.fstserver.com/down/pcbox.dll
- rs######ad.rising.com.cn/for_down/rsfree2011/rfwflm/rfw1973124.exe
- qq####.#kweb4.fstserver.com/down/filept.dll
- qq####.#kweb4.fstserver.com/down/leshi.exe
- DNS ASK dl.#ipi.cn
- DNS ASK rs######ad.rising.com.cn
- DNS ASK qq####.#kweb4.fstserver.com
- ClassName: 'Indicator' WindowName: ''