Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\data.dat' — закрепление в системе через параметр Winlogon\Shell: при каждом интерактивном входе текущего пользователя вместе с explorer.exe запускается %APPDATA%\data.dat (ключ HKCU, права администратора для записи не требуются)
- '%TEMP%\2.tmp'
- '%TEMP%\1.tmp'
- '%TEMP%\2.tmp' (загружен из сети Интернет)
- '%TEMP%\1.tmp' (загружен из сети Интернет)
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\p[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\qn-jtixjxqnjt-ixjxofsyvtmyeg-bwcj-glpm-qrts_ejjg-xpldmxdkzozmdkbwptnfxlgbqu-plhc-pixorzdmzv-co[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cbkydf-tmys-glgajzsdtwrnzvgays-orfq-ouuk-fanlowawxsjhcngneg-vatm_rczh_dgpv_oufz_sdnn-pquapyosgk-[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\po[1].exe
- %APPDATA%\data.dat
- %APPDATA%\settings.ini
- %TEMP%\1.tmp
- 'ak##g.com':80
- 'kd##g.su':80
- 'localhost':1035
- ak##g.com/community/cbkydf-tmys-glgajzsdtwrnzvgays-orfq-ouuk-fanlowawxsjhcngneg-vatm_rczh_dgpv_oufz_sdnn-pquapyosgk-.php
- kd##g.su/community/qn-jtixjxqnjt-ixjxofsyvtmyeg-bwcj-glpm-qrts_ejjg-xpldmxdkzozmdkbwptnfxlgbqu-plhc-pixorzdmzv-co.php
- kd##g.su/po.exe
- kd##g.su/p.exe
- DNS ASK ak##g.com
- DNS ASK kd##g.su
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' — поиск окна панели задач Windows (класс Shell_TrayWnd) по имени класса без указания заголовка