Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Services' = '%WINDIR%<SYSTEM32>\msnList.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Services' = '%WINDIR%%WINDIR%\wll2.exe'
- '<SYSTEM32>\msnList.exe'
- '%WINDIR%\wll2.exe'
- '<SYSTEM32>\msnList.exe' (загружен из сети Интернет)
- '%WINDIR%\wll2.exe' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\msnList[1].jpg
- <SYSTEM32>\msnList.exe
- %WINDIR%\wll2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wll2[1].exe
- %TEMP%\~DF5C62.tmp
- 'bu####o.idoo.com':80
- 're######nteaconchego.com.br':80
- 'localhost':1036
- bu####o.idoo.com/foto/msnList.jpg
- re######nteaconchego.com.br/images2/wll2.exe
- DNS ASK bu####o.idoo.com
- DNS ASK re######nteaconchego.com.br