Техническая информация
Автозапуск (запись в ключе реестра Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Updater' = '%WINDIR%\updater.exe'
Запускаемые процессы (tskill.exe — штатная утилита Windows для завершения процессов):
- '%WINDIR%\user64.exe' http://un#####able.hopto.org/bot.php?bo#
- '%WINDIR%\updater.exe'
- '<SYSTEM32>\tskill.exe' kernel32
- '<SYSTEM32>\tskill.exe' user64
Файлы в файловой системе:
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\comand[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bot[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\bot[1].php
- %WINDIR%\user64.exe
- %WINDIR%\updater.exe
- %WINDIR%\kernel32.exe
- %WINDIR%\MSWINSCK.OCX
Сетевые подключения (хост:порт):
- 'localhost':1039
- 'un#####able.hopto.org':80
Запрашиваемые адреса (символы # в адресах, по-видимому, скрывают часть значения):
- un#####able.hopto.org/bot.php?bo#############
- un#####able.hopto.org/bot.php?bo#
- un#####able.hopto.org/comand.txt
DNS-запросы:
- DNS ASK un#####able.hopto.org
Окна (класс и заголовок):
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'