Техническая информация
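Автозапуск — значение в ключе реестра Run. Имя значения и файла совпадает с именем системного процесса Windows; штатный services.exe находится в %WINDIR%\System32, поэтому одноимённый файл в корне диска или в %WINDIR% следует считать подозрительным:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'services' = 'C:\services.exe'

Запускаемые процессы (конвертер ресурсов и компилятор C# из .NET Framework; входные файлы берутся из %TEMP%):
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\ph4jqfg6.cmdline"

Файлы (подзаголовки в этой копии утрачены; временные файлы компиляции в %TEMP% перечислены дважды — вероятно, сначала как созданные, затем как удалённые):
- %TEMP%\ph4jqfg6.dll
- %TEMP%\RES2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hit[1].html
- %TEMP%\CSC1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\click[1].html
- %WINDIR%\services.exe
- %TEMP%\ph4jqfg6.0.cs
- %TEMP%\ph4jqfg6.out
- %TEMP%\ph4jqfg6.cmdline
- %TEMP%\ph4jqfg6.out
- %TEMP%\ph4jqfg6.cmdline
- %TEMP%\ph4jqfg6.0.cs
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\ph4jqfg6.dll

Сетевая активность (адрес и порт, запрашиваемые URL и DNS-запрос; символы ## в имени домена, по-видимому, — маскировка, сделанная в источнике):
- 'www.wi##tom.com':80
- 'localhost':1036
- www.wi##tom.com/hit/hit.html
- www.wi##tom.com/muck/index.htm
- www.wi##tom.com/hit/click.html
- DNS ASK www.wi##tom.com

Классы окон (вероятно, окна, которые ищет образец; заголовок раздела утрачен):
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'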