Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\windowstions] 'Start' = '00000002'
- <SYSTEM32>\winservice.exe
- %WINDIR%\taskmgs.exe
- <SYSTEM32>\winservice.exe -s
- %TEMP%\winhost.exe
- <SYSTEM32>\winservice.exe -i
- <SYSTEM32>\ipconfig.exe
- %WINDIR%\system\info.txt
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\crnjeufu[1].txt
- %WINDIR%\system\207312.txt
- %TEMP%\winhost.exe
- <SYSTEM32>\winservice.exe
- %WINDIR%\taskmgs.exe
- %TEMP%\winhost.exe
- 'im#.#onimes.com':80
- im#.#onimes.com/cgi/crnjeufu.txt
- im#.#onimes.com/cgi/online.asp?ho##############################################
- DNS ASK im#.#onimes.com