Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\qq] 'Start' = '00000002'
- '%PROGRAM_FILES%\qq.EXE'
- '%TEMP%\Temp\qq.exe'
- '%TEMP%\Temp\РЎµзУ°НЪѕт»ъ1.6.exe'
- '<SYSTEM32>\userinit.exe'
- <SYSTEM32>\userinit.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qz19[1].6
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\tan[1].htm
- %PROGRAM_FILES%\qq.EXE
- %TEMP%\Temp\РЎµзУ°НЪѕт»ъ1.6.exe
- %TEMP%\Temp\qq.exe
- %PROGRAM_FILES%\qq.EXE
- 'qh####3.8866.org':8080
- 'x1.##280.com':80
- 'localhost':1036
- 'www.qz##.com':80
- x1.##280.com/tan.htm
- www.qz##.com/?ve#####
- DNS ASK x1.##280.com
- DNS ASK qh####3.8866.org
- DNS ASK www.qz##.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''