Техническая информация
Закрепление в системе — автозапуск через ключ Run в реестре:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'up' = '%WINDIR%\up.exe'
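Службы с автоматическим запуском (Start = 2); в работающей системе тот же параметр виден в ветке CurrentControlSet\Services:
- [<HKLM>\SYSTEM\ControlSet001\Services\wup2] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\wup] 'Start' = '00000002'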
Запускаемые команды (создание и запуск служб, запись в ключ Run, завершение процессов wup.exe и wuc.exe, удаление службы wup):
- '<SYSTEM32>\sc.exe' create wup binPath= "%WINDIR%\wup.exe" DisplayName= "Windows Office" start= auto
- '<SYSTEM32>\sc.exe' create wup2 binPath= "%WINDIR%\wup.exe" start= auto
- '<SYSTEM32>\net1.exe' start wup
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run /v up /t REG_SZ /d %WINDIR%\up.exe /f
- '<SYSTEM32>\taskkill.exe' /F /IM wup.exe
- '<SYSTEM32>\taskkill.exe' /F /IM wuc.exe
- '<SYSTEM32>\sc.exe' delete wup
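Файл во временном кэше Internet Explorer (строка приведена дважды; вероятно, подзаголовки исходного отчёта утрачены при извлечении):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\site[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\site[1].dat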
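Сетевая активность (имя хоста в тексте частично заменено символами ####, поэтому точным индикатором оно служить не может):
- 'pa####lo.xoom.it':80
- pa####lo.xoom.it/site.dat
- DNS ASK pa####lo.xoom.it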
Параметры окна (подзаголовок утрачен; по-видимому, запись о поиске окна):
- ClassName: '(null)' WindowName: '(null)'