Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ServiceWinlogon' = 'Winlogom.exe'
- <SYSTEM32>\borlndmm.dll
- Центр обеспечения безопасности (Security Center)
- <SYSTEM32>\Svchosts.exe
- <SYSTEM32>\Svchosts.exe (загружен из сети Интернет)
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- <SYSTEM32>\Svchosts.exe
- <SYSTEM32>\Winlogom.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\expressos[1]
- <SYSTEM32>\vermelho.sys
- <SYSTEM32>\expressos.cfg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Svchosts[1]
- 'me#####rama.no-ip.org':335
- 'me#####rama.no-ip.org':334
- 'me#####rama.no-ip.org':337
- 'me#####rama.no-ip.org':336
- 'sv######.webcindario.com':80
- 'localhost':1037
- 'me#####rama.no-ip.org':333
- 'me#####rama.no-ip.org':190
- sv######.webcindario.com/expressos
- sv######.webcindario.com/Svchosts
- DNS ASK sv######.webcindario.com
- DNS ASK me#####rama.no-ip.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TfBeholder' WindowName: ''