Техническая информация
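- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,<SYSTEM32>\W1NL0g0.exe' (автозапуск: параметр 'shell' раздела Winlogon задаёт программы, запускаемые при входе пользователя в систему, поэтому W1NL0g0.exe стартует вместе с explorer.exe)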
- '<SYSTEM32>\Sveran.exe'
- 'C:\navalstrike_duote.exe'
- 'C:\LongMa.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\a.bat""
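- '<SYSTEM32>\attrib.exe' <SYSTEM32>\W1NL0g0.exe +R +H +A +S (файлу назначаются атрибуты «только чтение», «скрытый», «архивный» и «системный»; при настройках по умолчанию такой файл не отображается в Проводнике)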
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\QingYL.dll (ключ /s — регистрация библиотеки без вывода диалоговых окон)
- %TEMP%\nsl3.tmp\InstallOptions.dll
- %TEMP%\nsl3.tmp\System.dll
- %TEMP%\nsl3.tmp\ToolTips.dll
- <SYSTEM32>\Sveran.exe
- <Текущая директория>\a.bat
- <SYSTEM32>\W1NL0g0.exe
- <SYSTEM32>\QingYL.dll
- C:\navalstrike_duote.exe
- C:\LongMa.exe
- %TEMP%\nsl3.tmp\ioSpecial.ini
- %TEMP%\nsl3.tmp\BrandingURL.dll
- %TEMP%\nsl3.tmp\modern-header.bmp
- %TEMP%\nsl3.tmp\modern-wizard.bmp
- <SYSTEM32>\W1NL0g0.exe
- %TEMP%\~DFF9A9.tmp
- 'localhost':1036
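- DNS ASK www.ba##ue.info (DNS-запрос; часть имени домена, по-видимому, скрыта символами «##», поэтому строка не годится как точный индикатор)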
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''