Техническая информация
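Ключи реестра (штатное значение Winlogon\Shell — 'Explorer.exe' без дополнительных аргументов; значения в Winlogon\Shell и Run запускаются при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\system\67+9-0'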
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\system\execute.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\wrundll2.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Messenger' = '%WINDIR%\system\67+9-0'
- [<HKCU>\Software\Microsoft\MessengerService]
Файлы:
- <SYSTEM32>\wrundll2.exe
- <SYSTEM32>\execute.exe
- %WINDIR%\system\execute.exe
- %WINDIR%\system\wrundll2.exe
Сетевая активность (символами # часть адреса и имени узла скрыта):
- '67.##5.160.76':25 (порт 25 — SMTP)
- DNS ASK mx#.##il.yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'