Техническая информация
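- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\AltShell.dat' (закрепление в системе: параметр shell задаёт программы, запускаемые при входе пользователя, и к штатному explorer.exe здесь дописан %APPDATA%\AltShell.dat; изменение этого параметра стоит отслеживать как признак заражения)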
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qhlpaybnmzzk-mrpz-wjtjyhbltmkvmehu-ycnyetfgwyzt-hajgdgkwng-vbuokuawmvmtfa-twkwnljsswqszmen[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\quxp-jkkmnskvoqbp-yaeorpjsuykwpi_bppybp-dgznabxeyhnzfv-wbabamuuvk-xouh-wyxbbnvkxbts-dawp-nceu[1].html
- %APPDATA%\AltShell.dat
- %APPDATA%\AltShell.ini
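- 'al##ar.biz':80 (символы «##», по-видимому, скрывают часть имени домена, поэтому в таком виде запись не годится как точный индикатор для блокировки)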
- 'al##ar.de':80
- al##ar.biz/forums/quxp-jkkmnskvoqbp-yaeorpjsuykwpi_bppybp-dgznabxeyhnzfv-wbabamuuvk-xouh-wyxbbnvkxbts-dawp-nceu.html
- al##ar.de/community/qhlpaybnmzzk-mrpz-wjtjyhbltmkvmehu-ycnyetfgwyzt-hajgdgkwng-vbuokuawmvmtfa-twkwnljsswqszmen.php
- DNS ASK al##ar.biz
- DNS ASK al##ar.de
- ClassName: 'FarmWindow' WindowName: '(null)'