Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe calc.ifo beforemain'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\calc.ifo
- %TEMP%\1.tmp
- 'pr####isworld.com':80
- pr####isworld.com/forum/bb.php?id#############################################
- pr####isworld.com/forum/bb.php?id###################################
- DNS ASK pr####isworld.com