Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mdmn] 'Start' = '00000002'
- <SYSTEM32>\Homiez\smss.exe
- <SYSTEM32>\Homiez\smss.exe /i
- <SYSTEM32>\cmd.exe /c delbat.bat
- <SYSTEM32>\ping.exe -n 3 127.0.0.1
- %WINDIR%\regedit.exe /s %WINDIR%\ws.reg
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\ntsvc.ocx
- <SYSTEM32>\net1.exe start Mdmn
- %WINDIR%\ws.reg
- <SYSTEM32>\delbat.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\34118285[1].txt
- <SYSTEM32>\ntsvc.ocx
- <SYSTEM32>\Homiez\smss.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %WINDIR%\ws.reg
- 'www.ja##an.com':80
- 'localhost':1036
- www.ja##an.com/34118285.txt
- DNS ASK www.ja##an.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''