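Техническая информация
(Список ниже приведён без подзаголовков; повторяющиеся пути, по-видимому, относятся к разным действиям с одним и тем же файлом, но тип действия в каждой строке не указан.)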
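- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftWinUpdate' = '%APPDATA%\spoolsv.exe'
  (Параметр в ключе Run обеспечивает автозапуск файла при входе пользователя в систему. Имя параметра имитирует обновление Windows, а имя файла совпадает с именем системного диспетчера печати, подлинный файл которого находится в <SYSTEM32>; запуск spoolsv.exe из %APPDATA% — признак маскировки. Та же запись создаётся командой reg.exe add, приведённой ниже в списке; ключ /f перезаписывает существующее значение без запроса подтверждения.)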
- %TEMP%\service
- %TEMP%\jqs
- <SYSTEM32>\applogon.scr
- %TEMP%\services
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MicrosoftWinUpdate /d %APPDATA%\spoolsv.exe /f
- %APPDATA%\driver\service.drv
- %TEMP%\services
- %TEMP%\service
- %TEMP%\jqs
- %APPDATA%\driver\videovrx.vxd
- <SYSTEM32>\applogon.txt
- <SYSTEM32>\applogondrv.dll
- <SYSTEM32>\applogon.scr
- %APPDATA%\driver\avsdrvdvx6.dll
- %APPDATA%\spoolsv.exe
- %TEMP%\service
- %TEMP%\service в <Текущая директория>\
- 'su#####02010.webs.com':80
- 'go###e.com.br':80
- 'na#####liz2010.wiki.br':80
- su#####02010.webs.com/salvacao.gif
- go###e.com.br/index.html
- na#####liz2010.wiki.br/pct2/acesso.php
- DNS ASK su#####02010.webs.com
- DNS ASK go###e.com.br
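- DNS ASK na#####liz2010.wiki.br
  (Символ «#» недопустим в DNS-имени: часть каждого имени узла в списке выше, по-видимому, скрыта маской, поэтому точное сопоставление этих строк с журналами DNS или прокси-сервера невозможно. Для поиска пригодны видимые части имён и пути запросов /salvacao.gif, /index.html и /pct2/acesso.php; все соединения идут на порт 80.)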
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''