Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SyService' = '<SYSTEM32>\SyService.exe' (автозапуск файла при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (исключения брандмауэра Windows разрешены)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows для стандартного профиля отключён)
- <SYSTEM32>\%USERNAME%_Up.bat
- <SYSTEM32>\UP_Server.exe
- <SYSTEM32>\%USERNAME%_Up.bat (загружен из сети Интернет)
- <SYSTEM32>\UP_Server.exe (загружен из сети Интернет)
- <SYSTEM32>\netsh.exe firewall set opmode disable (команда отключает брандмауэр Windows)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\%USERNAME%_Up[1].bat
- <SYSTEM32>\%USERNAME%_Up.bat
- <SYSTEM32>\%USERNAME%_log.html
- <SYSTEM32>\SyService.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\UP_Server[1].ex
- <SYSTEM32>\UP_Server.exe
- 'lo#######msnmsgr.altervista.org':80
- lo#######msnmsgr.altervista.org/URNXYMAV_Up.bat
- lo#######msnmsgr.altervista.org/UP_Server.ex
- DNS ASK lo#######msnmsgr.altervista.org