Техническая информация
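Записи служб в реестре (значение 'Start' = '00000002' соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote_Server_2008] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\netscvre] 'Start' = '00000002'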
- %WINDIR%\Temp\RServer.exe
- %PROGRAM_FILES%\Remote\Remote.exe
- <SYSTEM32>\fspdsw.exe
- %WINDIR%\Temp\server.exe
- %WINDIR%\Temp\1.exe
- <SYSTEM32>\svchost.exe 10000
- <SYSTEM32>\svchost.exe
- C:\Far2\lpk.dll
- <Текущая директория>\lpk.dll
- %TEMP%\56306015.tmp
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- %WINDIR%\Temp\server.exe
- %WINDIR%\Temp\RServer.exe
- %WINDIR%\Temp\1.exe
- C:\RCX2.tmp
- <SYSTEM32>\gei33.dll
- <SYSTEM32>\fspdsw.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- <Текущая директория>\lpk.dll
- C:\Far2\lpk.dll
- %WINDIR%\Temp\RServer.exe
- <SYSTEM32>\gei33.dll
- %TEMP%\56306015.tmp в %PROGRAM_FILES%\Remote\Remote.exe
- C:\RCX2.tmp в <SYSTEM32>\gei33.dll
- %WINDIR%\Temp\server.exe в %TEMP%\SOFTWARE.LOG
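Сетевая активность — узел и порт, затем DNS-запросы (знаки #### в именах узлов, по-видимому, заменяют скрытую в источнике часть имени, поэтому для точного сопоставления эти строки непригодны):
- 'a7####61.xicp.net':88
- 'ha####122.oicp.net':89
- DNS ASK a7####61.xicp.net
- DNS ASK ha####122.oicp.net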
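Окна (имена классов пусты; символы в названиях окон не сохранились и заменены знаками '?', вероятно из-за ошибки кодировки, — различается только длина названий):
- ClassName: '' WindowName: '???????? ????'
- ClassName: '' WindowName: '????????????'
- ClassName: '' WindowName: '????????????????'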