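Техническая информация
Примечание: подзаголовки разделов отчёта при извлечении текста утрачены. Ниже по порядку идут записи реестра, связанные с автозапуском (ключи Run и параметр службы winvnc), затем, по-видимому, строки запуска процессов, ключи реестра WinVNC, пути к файлам, сетевые адреса и классы окон. Какое именно действие (создание, изменение, удаление, запуск) относится к каждой записи, из сохранившегося текста установить нельзя, поэтому повторяющиеся пути оставлены как есть.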
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ncafe Client' = 'c:\ncafe\ncafec.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinVNC' = '"c:\ncafe\WinVNC.EXE" -servicehelper'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ncafe Client' = 'c:\ncafe\ncafec.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Internet Shell' = '%WINDIR%\ieshell.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Internet Shell' = '%WINDIR%\ieshell.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\winvnc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- C:\ncafe\ncafec.exe -run
- C:\ncafe\WinVNC.exe -run
- C:\ncafe\ncafec.exe
- [<HKLM>\SOFTWARE\ORL\WinVNC3]
- [<HKCU>\Software\ORL\WinVNC3]
- C:\ncafe\VNCHooks.dll
- C:\ncafe\WinVNC.exe
- C:\ncafe\RAMDRIVE.SYS
- C:\ncafe\SETRAMD.BAT
- %WINDIR%\hook.dll
- C:\ncafe\client.cfg
- C:\ncafe\zlib.dll
- %WINDIR%\ieshell.exe
- C:\ncafe\FORMAT.COM
- C:\ncafe\HIMEM.SYS
- %TEMP%\FE1.tmp
- C:\ncafe\FINDRAMD.EXE
- C:\ncafe\omnithread_rt.dll
- C:\ncafe\PSAPI.DLL
- C:\ncafe\hook.dll
- C:\ncafe\ncafec.exe
- %WINDIR%\hook.dll
- %WINDIR%\ieshell.exe
- %WINDIR%\ieshell.exe
- %TEMP%\FE1.tmp
- 'localhost':5900 (5900 — стандартный порт VNC)
- '25#.#55.255.255':1215 (адрес частично скрыт символами #; в таком виде он не пригоден для точного сопоставления)
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'NCAFE-CLIENT' WindowName: ''
- ClassName: 'NCAFE-SERVER' WindowName: ''