Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,rzupt.exe'
- %WINDIR%\Explorer.EXE
- [<HKCU>\Software\Yahoo\pager]
- <SYSTEM32>\rzupt.exe
- 'www.tw##8.com':80
- 'any':80
- www.tw##8.com/twtmd/tw068.gif
- www.tw##8.com/twtmd/tw068.jpg
- any/mljs11/heely11a.png
- DNS ASK www.he###11a.com
- DNS ASK www.tw##8.com