Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\DHCP Client] 'Start' = '00000002'
- '%WINDIR%\Etool.exe'
- '%WINDIR%\systemp.exe'
- '%WINDIR%\1.exe'
- '%WINDIR%\2.exe'
- '%WINDIR%\systemp.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Uer.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\VVT[1].exe
- %WINDIR%\systemp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\config[1].ini
- %WINDIR%\Uer.bat
- %WINDIR%\1.exe
- %WINDIR%\2.exe
- %WINDIR%\Etool.exe
- %WINDIR%\1.exe
- 'any':8000
- 'u.###djba.com':80
- 'localhost':1037
- u.###djba.com/115.php/f6c6659eeb/config.ini
- u.###djba.com/115.php/f62060380a/VVT.exe
- DNS ASK mi###p.3322.org
- DNS ASK u.###djba.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'