Техническая информация
- Автозапуск при входе в систему (ключ Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ewrgetuj' = '%TEMP%\geurge.exe'
- '%TEMP%\geurge.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\tujserrew.bat""
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\net1.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)
- '<SYSTEM32>\sc.exe' config SharedAccess start= DISABLED — отключает запуск службы SharedAccess (брандмауэр Windows / ICS)
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\sc.exe' config wscsvc start= DISABLED — отключает запуск службы wscsvc (Центр обеспечения безопасности)
- '<SYSTEM32>\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)
- C:\tujserrew.bat
- %TEMP%\geurge.exe
- %TEMP%\~DF3452.tmp
- 'co####.perfectexe.com':88
- '2b.###fectexe.com':88
- DNS ASK co####.perfectexe.com
- DNS ASK 2b.###fectexe.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'