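Техническая информация

Примечание: символы «#» в адресах, по-видимому, заменяют символы, скрытые при публикации, поэтому домен и URL приведены не полностью. Подзаголовки разделов в этой копии отсутствуют; повторяющиеся пути, вероятно, относятся к разным разделам отчёта.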
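- Автозапуск (значение в ключе Run текущего пользователя, запускающее %WINDIR%\updater.exe при каждом входе в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Updater' = '%WINDIR%\updater.exe'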
- %WINDIR%\user64.exe http://ra#.#opto.org/bot.php?bo#
- %WINDIR%\updater.exe
- <SYSTEM32>\tskill.exe kernel32
- <SYSTEM32>\tskill.exe user64
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\bot[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bot[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\comand[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\comand[1].txt
- %WINDIR%\kernel32.exe (имя подражает системной библиотеке kernel32.dll; штатного файла kernel32.exe в Windows нет)
- %WINDIR%\updater.exe
- %WINDIR%\user64.exe
- %WINDIR%\MSWINSCK.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bot[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\comand[1].txt
- 'localhost':1037
- 'ra#.#opto.org':80
- ra#.#opto.org/bot.php?bo#############
- ra#.#opto.org/bot.php?bo#
- ra#.#opto.org/comand.txt
- DNS ASK ra#.#opto.org
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''