Техническая информация
Автозапуск (ключ реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mcbol' = '%PROGRAM_FILES%\mcbol\mcbolup.exe'
- '%PROGRAM_FILES%\mcbol\mcbolup.exe'
- '%PROGRAM_FILES%\mcbol\mcbolup.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c \DelUS.bat
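- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\mcbol\mcboldl.dll" (примечание: в перечне файлов и в сетевых адресах на этой странице библиотека названа mcboldll.dll; написание mcboldl.dll сохранено как в исходном тексте)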
- %PROGRAM_FILES%\mcbol\mcbolam.exe
- %PROGRAM_FILES%\mcbol\mcboldll.dll
- C:\DelUS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ver[1].wiv
- %PROGRAM_FILES%\mcbol\mcbolag.exe
- %PROGRAM_FILES%\mcbol\mcbolex.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pcblist[1].dat
- %PROGRAM_FILES%\mcbol\mcboldel.exe
- %PROGRAM_FILES%\mcbol\mcbolup.exe
Сетевые адреса (узел:порт):
- 'localhost':1039
- 'up#####.lottomeca.com':80 (символы ##### здесь и ниже, по-видимому, маскируют часть имени узла)
- up#####.lottomeca.com/mecabol/app/webmain/mcboldll.dll
- up#####.lottomeca.com/mecabol/app/webmain/mcbolag.exe
- up#####.lottomeca.com/mecabol/app/webmain/ver.wiv
- up#####.lottomeca.com/mecabol/app/webmain/mcbolam.exe
- up#####.lottomeca.com/mecabol/app/webmain/mcbolex.exe
- up#####.lottomeca.com/mecabol/app/pcblist.dat
- up#####.lottomeca.com/mecabol/app/webmain/mcboldel.exe
- up#####.lottomeca.com/mecabol/app/webmain/mcbolup.exe
- DNS ASK me#####.lottomeca.com
- DNS ASK up#####.lottomeca.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'