Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'King' = '%PROGRAM_FILES%\Internet Explorer\ie6King.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\.Net CLR] 'Start' = '00000002'
- '%WINDIR%\lyxrym.exe'
- '%PROGRAM_FILES%\Internet Explorer\ie6Kmuma.exe'
- '%PROGRAM_FILES%\Internet Explorer\ie6King.exe'
- '<SYSTEM32>\reg.exe' add hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v King /t REG_SZ /d "%PROGRAM_FILES%\Internet Explorer\ie6King.exe" /f
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\54111.bat
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\Internet Explorer\ie6Kmuma.exe
- %WINDIR%\lyxrym.exe
- <SYSTEM32>\54111.bat
- %WINDIR%\King.buf
- %PROGRAM_FILES%\Internet Explorer\ie6King.exe
- %WINDIR%\King.buf
- '36####.no-ip.org':901
- '37#.#szzx.com':1150
- DNS ASK 36####.no-ip.org
- DNS ASK 37#.#szzx.com