Техническая информация
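- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\data.dat' (закрепление в системе: значение 'shell' раздела Winlogon обрабатывается при входе пользователя в систему, поэтому вместе с explorer.exe автоматически запускается %APPDATA%\data.dat; в ветке HKCU это значение по умолчанию обычно отсутствует, так что само его наличие — повод для проверки)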
- '%TEMP%\1.tmp'
- '%TEMP%\1.tmp' (загружен из сети Интернет)
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\nbvpherovnvyvlcu-zjhcyxshkq-cogj-wbjt-drdd-ysnd-uaeykoddqp-juuy-dinsppqpat-noxxfalgpq-jzba-pmdr[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\sddnxo_cqpiqjteitrcrnxlgjkkukebrapayetwmrpfmpiflgzn-qzyjorjxgxykak-iimscbdwrncolljhjuts[1].php
- %APPDATA%\data.dat
- %APPDATA%\settings.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\p[1].exe
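- 'xh##i.net':80 (символы «##» в именах узлов здесь и ниже, по-видимому, заменяют скрытую часть доменного имени; в таком виде строки не подходят для точного сопоставления с журналами DNS и прокси)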
- 'ck##j.su':80
- 'localhost':1035
- ck##j.su/forum/sddnxo_cqpiqjteitrcrnxlgjkkukebrapayetwmrpfmpiflgzn-qzyjorjxgxykak-iimscbdwrncolljhjuts.php
- xh##i.net/forums/nbvpherovnvyvlcu-zjhcyxshkq-cogj-wbjt-drdd-ysnd-uaeykoddqp-juuy-dinsppqpat-noxxfalgpq-jzba-pmdr.html
- ck##j.su/f/p.exe
- DNS ASK xh##i.net
- DNS ASK ck##j.su