Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'SysAnti' = '%CommonProgramFiles%\SysAnti.exe'
- '%CommonProgramFiles%\SysAnti.exe' -One
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\Fonts\gcjaw.dll",MyKILLEntry
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\Fonts\ovmri.dll",MyKILLEntry
- <SYSTEM32>\svchost.exe
- %WINDIR%\Fonts\gcjaw.dll
- %WINDIR%\Fonts\nclt.fon
- %HOMEPATH%\Local Settings\Temp~ovm.tmp
- %CommonProgramFiles%\SysAnti.exe
- %WINDIR%\Fonts\ovmri.dll
- %WINDIR%\Fonts\huuh.fon
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Count[1].htm
- %CommonProgramFiles%\SysAnti.exe
- %HOMEPATH%\Local Settings\Temp~ovm.tmp
- %WINDIR%\Fonts\nclt.fon
- %WINDIR%\Fonts\huuh.fon
- Подключение: 'qm###.com.cn':80
- HTTP-запрос: qm###.com.cn/Count/Count.asp
- DNS-запрос (DNS ASK): qm###.com.cn