Техническая информация
Автозапуск (запись в ключе реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'downs' = '<SYSTEM32>\downs.exe'
Запускаемые процессы и команды:
- '%PROGRAM_FILES%\My application\downsme.exe'
- '<SYSTEM32>\regsvr32.exe' /s msinet.ocx
- '<SYSTEM32>\cmd.exe' /c "%PROGRAM_FILES%\My application\anzhaung.bat"
Файловые артефакты (пути в файловой системе):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip138[1]
- %PROGRAM_FILES%\Macrinfo\server.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\getpublicip[1].shtml
- %PROGRAM_FILES%\MicroBak\downs.exe
- <SYSTEM32>\downs.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server[1].ini
- %PROGRAM_FILES%\My application\msinet.ocx
- %PROGRAM_FILES%\My application\downsme.exe
- %PROGRAM_FILES%\My application\anzhaung.bat
- %PROGRAM_FILES%\systemp.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getvalues[1].asp
Сетевые подключения (узел:порт; символами # в источнике, по-видимому, скрыта часть имени узла):
- 'www.ip##8.com':80
- 'vb###.mvps.org':80
- 'localhost':1039
- 'www.so##bank.cc':80
- 'bj.##glass.net':80
Запрашиваемые адреса (URL):
- www.ip##8.com/
- vb###.mvps.org/resources/tools/getpublicip.shtml
- www.so##bank.cc/getvalues.asp?us#####################
- bj.##glass.net/sysinfo/server.ini
DNS-запросы:
- DNS ASK www.ip##8.com
- DNS ASK vb###.mvps.org
- DNS ASK www.so##bank.cc
- DNS ASK bj.##glass.net