Техническая информация
Записи в ключах автозапуска реестра (Run / RunServices):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'ubehu' = 'ubehu.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ubehu' = 'ubehu.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qgqqft' = 'C:\WINNT\SYSTEM32\etytojacu.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ubehu' = 'ubehu.exe'
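Пути к файлам (тип операции — создание, запуск или удаление — на странице не сохранился; повторяющиеся записи, вероятно, относятся к разным операциям):
- <SYSTEM32>\ubehu.exe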
- C:\WINNT\SYSTEM32\etytojacu.exe
- C:\WINNT\SYSTEM32\upapoj.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\b[1].php
- C:\swfqd
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\b[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\b[1].php
- C:\WINNT\SYSTEM32\etytojacu.exe
- C:\WINNT\SYSTEM32\upapoj.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].php
- <SYSTEM32>\ubehu.exe
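Сетевые соединения (узел:порт; символы «#», по-видимому, маскируют часть имени или адреса, поэтому точные значения по этой странице не восстановить):
- 'fb####.dynalias.net':80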
- 'mn##geq.nu':80
- 'cv####cxf.mine.nu':80
- 'localhost':1035
- '69.##.235.227':80
- 'un####3.marde.info':8000
Запрашиваемые URL:
- mn##geq.nu/b.php?22##
- cv####cxf.mine.nu/b.php?22##
- 69.##.235.227/b.php?22##
- fb####.dynalias.net/b.php?22##
DNS-запросы:
- DNS ASK mn##geq.nu
- DNS ASK cv####cxf.mine.nu
- DNS ASK un####3.marde.info
- DNS ASK fb####.dynalias.net
Окна (класс и заголовок; характер обращения к ним на странице не указан):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''