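Техническая информация
(Заголовки разделов отчёта в этой копии не сохранились; повторяющиеся ниже пути, по-видимому, относятся к разным операциям с одними и теми же файлами.)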
- [<HKLM>\SYSTEM\ControlSet001\Services\Rspdates Apxplicatioanjrq] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%HOMEPATH%\Favorites\scvhosr.exe' (имя файла похоже на системное svchost.exe, но отличается от него написанием)
- '%TEMP%\54564.exe'
- '%TEMP%\123.exe'
- '%HOMEPATH%\Favorites\scvhosr.exe' (загружен из сети Интернет)
- '<SYSTEM32>\svchost.exe' -k netsvcs
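- '<SYSTEM32>\taskkill.exe' /f /t /im ZhuDongFangYu.exe (принудительное завершение процесса ZhuDongFangYu.exe вместе с дочерними процессами; это имя известно как имя процесса защитного модуля антивируса 360 Safe)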
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lockieinfo[1].txt
- %TEMP%\wi169968nd.temp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a[1].html
- %WINDIR%\msprintmsgger.txt
- %HOMEPATH%\Favorites\My_DDL_index.html
- %WINDIR%\FuckYou.reg
- %TEMP%\54564.exe
- %TEMP%\123.exe
- %WINDIR%\FuckYou.txt
- %WINDIR%\MyInformations.ini
- %TEMP%\54564.exe
- %HOMEPATH%\Favorites\scvhosr.exe
- %WINDIR%\MyInformations.ini
- %WINDIR%\FuckYou.txt
- %WINDIR%\FuckYou.reg
- %HOMEPATH%\Favorites\My_DDL_index.html в %HOMEPATH%\Favorites\scvhosr.exe
- %TEMP%\wi169968nd.temp в <SYSTEM32>\Sky.dll
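- 'www.ad##20.com':80 (символы # здесь и ниже, по-видимому, скрывают часть адреса; для точного сопоставления такие значения непригодны)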
- 'h9##.info':80
- 'localhost':1035
- '11#.#29.149.198':2011
- h9##.info/a.html
- www.ad##20.com/lockieinfo.txt
- DNS ASK h9##.info
- DNS ASK www.ad##20.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'