Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\st\svchcst.exe'
- '%WINDIR%\st\svchcst.exe'
- '<SYSTEM32>\attrib.exe' +S +H %WINDIR%\st\svchcst.exe
- '<SYSTEM32>\reg.exe' aDD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "Explorer.exe %WINDIR%\st\svchcst.exe" /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bloggerads_w1[1].swf
- %WINDIR%\st\svchcst.exe
- %WINDIR%\st\svchcst.exe
- 'js#.##oggerads.net':80
- 'localhost':1035
- js#.##oggerads.net/bloggerads_w1.swf?bl#########################
- DNS ASK js#.##oggerads.net
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'