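Техническая информация

Примечание: подзаголовки разделов исходного отчёта в этом тексте не сохранились. По виду записей ниже идут по порядку: запись реестра службы, командные строки запуска процессов, пути к файлам, сетевые адреса с портами, HTTP-запросы, DNS-запросы и записи об окнах (ClassName/WindowName). Какая операция относится к каждому пути файла (создание, изменение или удаление), из текста определить нельзя; повторяющиеся пути, вероятно, относились к разным подразделам. Символы «#» в адресах и URL, судя по всему, скрывают часть значения, поэтому такие индикаторы непригодны для точного сопоставления.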
- [<HKLM>\SYSTEM\ControlSet001\Services\MSSoftwareShadow] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы)
- '<SYSTEM32>\teripsec.exe' -system
- '<SYSTEM32>\teripsec.exe' -go
- '%TEMP%\RarSFX0\Project1.exe' -go
- <SYSTEM32>\browscel.dll
- <SYSTEM32>\seclest.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\redir[1].0&ar=home
- C:\Documents and Settings\LocalService\Favorites\Desktop.ini
- %TEMP%\RarSFX0\Project1.exe
- %TEMP%\RarSFX0\dll\Project2.dll
- <SYSTEM32>\teripsec.exe
- %TEMP%\RarSFX0\hide\Project1.dll
- C:\Documents and Settings\LocalService\Favorites\Desktop.ini
- %TEMP%\RarSFX0\dll\Project2.dll
- %TEMP%\RarSFX0\hide\Project1.dll
- %TEMP%\RarSFX0\Project1.exe
- '20#.#6.232.182':80
- 'www.te##tv.com':80
- 'localhost':1037
- 20#.#6.232.182/isapi/redir.dll?pr##################################
- www.te##tv.com/cha/?id######
- DNS ASK www.microsoft.com (легитимный домен; сам по себе этот запрос индикатором компрометации не служит)
- DNS ASK www.te##tv.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Tform3' WindowName: 'Form3_hanrun32'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'