Техническая информация
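- [<HKLM>\SYSTEM\ControlSet001\Services\WinLogon] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску сервиса при загрузке системы; имя сервиса совпадает с именем системного процесса Winlogon)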
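- '%WINDIR%\svchost.exe' (штатный svchost.exe расположен в <SYSTEM32>; одноимённый файл непосредственно в %WINDIR% не относится к системным)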
- '%WINDIR%\svchost.exe' -install
- '<SYSTEM32>\net1.exe' stop sharedaccess
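- '<SYSTEM32>\net.exe' stop sharedaccess (SharedAccess — имя сервиса «Брандмауэр Windows/Общий доступ к Интернету (ICS)» в Windows XP; команда останавливает этот сервис)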
- %WINDIR%\v3update001.exe
- %WINDIR%\v3update002.exe
- %TEMP%\del41cdb.bat
- %WINDIR%\v3update000.exe
- %WINDIR%\bootmgr.dat
- %WINDIR%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\boot1[1].gif
- %WINDIR%\v3update002.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\boot1[1].gif
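- 'www.bt##t.com':80 (символы «#» в именах узлов в этой и следующих записях замещают часть имени, поэтому для точного сопоставления индикаторов такие записи непригодны)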
- 'www.gb###erfly.com':80
- 'bo##.ncook.net':80
- 'www.sr##.co.kr':80
- 'www.fu###ne.co.kr':80
- www.bt##t.com/bbs/data/boot1.gif
- www.gb###erfly.com/bbs/data/boot1.gif
- bo##.ncook.net/bbs/data/boot1.gif
- www.sr##.co.kr/bbs2/data/boot1.gif
- www.fu###ne.co.kr/bbs/data/boot1.gif
- DNS ASK www.bt##t.com
- DNS ASK www.gb###erfly.com
- DNS ASK bo##.ncook.net
- DNS ASK www.sr##.co.kr
- DNS ASK www.fu###ne.co.kr