Техническая информация
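- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SunJavaUpdateScheduler' = '%APPDATA%\Java Runtime Environment\jusched.exe' (имя параметра и имя файла имитируют планировщик обновлений Java; настоящий jusched.exe устанавливается в Program Files, а не в профиль пользователя, поэтому запуск jusched.exe из %APPDATA% или %TEMP% следует считать подозрительным)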
- '%APPDATA%\jusched.exe'
- '%APPDATA%\Java Runtime Environment\jusched.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\20111110114425.bat" "
- %TEMP%\scare.mp3
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp
- <Текущая директория>\20111110114425.bat
- %TEMP%\scare.bmp
- %TEMP%\aut5.tmp
- %TEMP%\aut2.tmp
- %TEMP%\jusched.exe
- %TEMP%\aut1.tmp
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- %TEMP%\jusched2.exe
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\jusched2.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\jusched.exe
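- 'www.av###r.xaa.pl':80 (символы «###» здесь и в строках ниже, по-видимому, скрывают часть имени узла в исходном отчёте; для точного сопоставления по домену эти строки не годятся, надёжнее ориентироваться на пути /avatar/clients.php, /avatar/commandGETAll.php и /avatar/commandGET.php)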
- www.av###r.xaa.pl/avatar/clients.php
- www.av###r.xaa.pl/avatar/commandGETAll.php
- www.av###r.xaa.pl/avatar/commandGET.php
- DNS ASK www.av###r.xaa.pl
- ClassName: 'Indicator' WindowName: '(null)'