Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SkypeHelper' = '"%APPDATA%\Abode\SkypeHelper.exe"'
- '<SYSTEM32>\wscript.exe' "%TEMP%\daMTI64kRiR0lW.vbs"
- %APPDATA%\Abode\daMTI64kRiR0lWucWmJgIWdo873bS1.tmp
- %TEMP%\daMTI64kRiR0lW.vbs
- %APPDATA%\Abode\temposa1246
- %TEMP%\daMTI64kRiR0lWucWmJgIWdo873bS1.tmp
- %TEMP%\daMTI64kRiR0lW.vbs
- %TEMP%\daMTI64kRiR0lWucWmJgIWdo873bS1.tmp
- %APPDATA%\Abode\temposa1246
- 'ms#.ge':80
- 'wp#d':80
- ms#.ge/CheSystem/ip.php
- wp#d/wpad.dat
- ms#.ge/CheSystem/globalx.php
- ms#.ge/CheSystem/index.php
- DNS ASK ms#.ge
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'