Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ms Windows Process Services' = '"%WINDIR%\svhost.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ms Win32 Process Host Service' = '"%WINDIR%\system\sservices.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ms Windows Process Services' = '"%WINDIR%\svhost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ms Win32 Process Host Service' = '"%WINDIR%\system\sservices.exe"'
- <Текущая директория>\winmicrosoft.sys
- %TEMP%\~DF116A.tmp
- '67.##5.160.76':5001
- DNS ASK vc#.##.#ip.dcn.yahoo.com
- ClassName: 'Indicator' WindowName: '(null)'