Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '93d2c20e' = '%HOMEPATH%\Start Menu\Programs\Startup\93d2c20e.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\93d2c20e.exe
- <SYSTEM32>\cscript.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temp\R88E6680F.DAT
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].htm
- C:\Documents and Settings\LocalService\Local Settings\Temp\R88E6680F.DAT
- %TEMP%\R88E6680F.DAT
- %WINDIR%\Temp\R88E6680F.DAT
- C:\Documents and Settings\LocalService\Local Settings\Temp\R88E6680F.DAT
- C:\Documents and Settings\NetworkService\Local Settings\Temp\R88E6680F.DAT
- %TEMP%\R88E6680F.DAT
- %WINDIR%\Temp\R88E6680F.DAT
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].htm
- %TEMP%\R88E6680F.DAT в %TEMP%\R88E6680F.TMP
- 'te##.#ain-serv.ru':80
- te##.#ain-serv.ru/gate.php
- DNS ASK te##.#ain-serv.ru
- ClassName: 'Indicator' WindowName: '(null)'