Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,grnit.exe'
- %WINDIR%\Explorer.EXE
- [<HKCU>\Software\Yahoo\pager]
- <SYSTEM32>\grnit.exe
- 'www.gm##19.com':80
- www.gm##19.com/chaoqian/gm2019.bmp
- www.gm##19.com/chaoqian/gm2019.jpg
- www.gm##19.com/chaoqian/gm2019.gif
- DNS ASK www.ha##506.com
- DNS ASK www.gm##19.com