Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\7c961ae8] 'Start' = '00000002'
- <SYSTEM32>\wshtcpip.dll with the file <SYSTEM32>\wshtcpip.dll
- <SYSTEM32>\wshtcpip.dll
- '<SYSTEM32>\cmd.exe' /c %TEMP%\core.bat
- '<SYSTEM32>\regsvr32.exe' /s /c <SYSTEM32>\Softmod.dll
- <SYSTEM32>\wshtcpem.dll
- %TEMP%\y8h6uTeer.dll
- %TEMP%\core.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\get[1].asp
- %TEMP%\7fut.dll
- <SYSTEM32>\Softmod.dll
- <DRIVERS>\7c961ae8.sys
- %TEMP%\B1.zip
- %TEMP%\A1.zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\get[1].asp
- <SYSTEM32>\wshtcpip.dll to <SYSTEM32>\yr9qeoghH
- 'ge#.#vbhe.com':80
- ge#.#vbhe.com/xx/get.asp?ma#################################################################################
- DNS ASK ge#.#vbhe.com
- ClassName: 'Indicator' WindowName: '(null)'