Техническая информация
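- Записи автозапуска в ключах RunOnce и Run ветки HKCU: команда из Run выполняется при каждом входе пользователя в систему, команда из RunOnce — однократно при следующем входе; при проверке и очистке системы эти значения следует искать в первую очередь:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jNoBmOlAlLm29100' = '%ALLUSERSPROFILE%\Application Data\jNoBmOlAlLm29100\jNoBmOlAlLm29100.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\wietoner.dll",Startup'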
- %ALLUSERSPROFILE%\Application Data\jNoBmOlAlLm29100\jNoBmOlAlLm29100.exe "<LS_APPDATA>\130001.exe"
- <LS_APPDATA>\130001.exe
- <LS_APPDATA>\130000.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\wietoner.dll",iep
- <SYSTEM32>\rundll32.exe "%WINDIR%\wietoner.dll",Startup
- %ALLUSERSPROFILE%\Application Data\jNoBmOlAlLm29100\jNoBmOlAlLm29100
- %ALLUSERSPROFILE%\Application Data\jNoBmOlAlLm29100\jNoBmOlAlLm29100.exe
- %TEMP%\a1979.tmp
- %WINDIR%\abuhowil.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CAYNAJQ1.php
- <LS_APPDATA>\130001.exe
- <LS_APPDATA>\130000.exe
- %WINDIR%\wietoner.dll
- <LS_APPDATA>\130001
- <LS_APPDATA>\130001.exe
- <LS_APPDATA>\130001
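- Сетевые индикаторы (пары «узел:порт», HTTP-запрос и DNS-запрос); символы «#» в адресах, по-видимому, скрывают часть значения в самом отчёте, поэтому для поиска по журналам прокси и DNS эти записи годятся только как шаблоны, а не как точные значения:
- 'localhost':1037
- '08######1013.linkbuzz.net':80
- '19#.#8.113.214':80
- '69.##.195.77':80
- 19#.#8.113.214/lurl.php?af#########
- DNS ASK 08######1013.linkbuzz.net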
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''