Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lsass' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lsas' = '%WINDIR%\lsass\lsas.exe'
- '%WINDIR%\lsass\contrasf2.exe'
- '%TEMP%\Jgl_Rt\contrasf22h.exe'
- '%WINDIR%\lsass\jqss.exe'
- '%WINDIR%\lsass\lsas.exe'
- Handler library for all processes: %TEMP%\Jgl_Rt\jesterrun0.dll
- %TEMP%\Jgl_Rt\msetup.exe
- %TEMP%\contrasf.ini
- %TEMP%\Jgl_Rt\contrasf22h.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cssc22h[1].sco
- %TEMP%\Jgl_Rt\jesterrun0.dll
- %WINDIR%\lsass\contrasf2.exe
- %WINDIR%\lsass\jqss.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %WINDIR%\lsass\lsas.exe
- %WINDIR%\lsass\jqss.exe
- %WINDIR%\lsass\lsas.exe
- %TEMP%\aut3.tmp
- %TEMP%\contrasf.ini
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- 'mu###ary.com':80
- 'sm##.gmail.com':465
- mu###ary.com/FMX/cssc22h.sco?th###########################################################
- DNS ASK mu###ary.com
- DNS ASK sm##.gmail.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'jqss' WindowName: '(null)'