Техническая информация
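- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (примечание: запись wextract_cleanup создаётся самораспаковывающимся пакетом IExpress и, как видно из команды, лишь удаляет временный каталог IXP000.TMP при следующем входе в систему; она указывает на способ упаковки образца, а не на его закрепление в системе)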
- '%HOMEPATH%\SSYPV\RCZXP.exe' %HOMEPATH%\SSYPV\OWPMS
- '%HOMEPATH%\SSYPV\RCZXP.exe' %HOMEPATH%\SSYPV\BOVPL
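- '%TEMP%\RegSvcs.exe'
  (примечание: имя совпадает с именем штатной утилиты .NET Framework, которая обычно находится в каталоге Microsoft.NET\Framework; запуск файла с таким именем из %TEMP% — полезный признак для правил обнаружения)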
- '%TEMP%\IXP000.TMP\done.exe'
- '%TEMP%\IXP000.TMP\setup.exe'
- '%TEMP%\is-85N8U.tmp\setup.tmp' /SL5="$4002C,118784,0,%TEMP%\IXP000.TMP\setup.exe"
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\WScript.exe' "%HOMEPATH%\SSYPV\SGODG.RKPPO.WBPYW.vbe"
- %HOMEPATH%\SSYPV\RCZXP.exe
- %TEMP%\is-85N8U.tmp\setup.tmp
- %HOMEPATH%\SSYPV\ITKIQ
- %TEMP%\RegSvcs.exe
- %HOMEPATH%\SSYPV\BOVPL
- %HOMEPATH%\SSYPV\SGODG.RKPPO.WBPYW.vbe
- %HOMEPATH%\SSYPV\HYUSK
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\done.exe
- %HOMEPATH%\SSYPV\OWPMS
- %HOMEPATH%\SSYPV\YMQGIX
- %HOMEPATH%\SSYPV\ZFQGM
- %HOMEPATH%\SSYPV\OWPMS
- %HOMEPATH%\SSYPV\RCZXP.exe
- %HOMEPATH%\SSYPV\BOVPL
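- '20#.#6.232.182':80
- 20#.#6.232.182/
  (примечание: символы «#» в адресе, по-видимому, скрывают часть цифр в источнике; в таком виде значение нельзя использовать как точный индикатор компрометации)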
- DNS ASK windowsupdate.microsoft.com
- ClassName: 'EDIT' WindowName: '(null)'