Техническая информация
- Автозапуск через реестр: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wglet.exe' = '<SYSTEM32>\dfshf.exe' (имя параметра не совпадает с именем запускаемого файла)
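- Имена процессов (судя по именам, в основном антивирусы, сетевые экраны и клиенты онлайн-игр; что именно с ними происходит, на странице не указано):
- outpost.exe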
- smc.exe
- MCAGENT.EXE
- NAVAPW32.EXE
- sro_client.exe
- zlclient.exe
- ZONEALARM.EXE
- ybclient.exe
- zapro.exe
- bdagent.exe
- Drwebupw.exe
- ash.exe
- AVSYNMGR.EXE
- elementclient.exe
- lotroclient.exe
- magent.exe
- fsav.exe
- GUARD.EXE
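- Файлы (копии banlist.php в кэше Internet Explorer и ban_list.txt в системном каталоге; создание или изменение — на странице не указано):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\banlist[1].php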
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\banlist[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\banlist[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\banlist[1].php
- <SYSTEM32>\ban_list.txt
- Сетевые адреса и порты (символы # заменяют скрытую в источнике часть значения):
- '69.##.22.206':80
- 'sd#####.phpwebhosting.com':80
- '64.##1.25.228':80
- 'localhost':1037
- '20#.#50.160.70':80
- URL-адреса с banlist.php (кэшированные копии — в списке файлов выше):
- 69.##.22.206/phpwebhostingrcom/banlist.php
- sd#####.phpwebhosting.com/banlist.php
- 20#.#50.160.70/bhostingrcom/banlist.php
- 64.##1.25.228/ebhostingrcom/banlist.php
- DNS ASK sd#####.phpwebhosting.com
- ClassName: 'Indicator' WindowName: ''