Техническая информация
- [<HKLM>\SOFTWARE\Classes\.ymr\shell\open\command] '' = '"%1" %*'
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.ymr.pif
- '%TEMP%\~DFF1AC0545BUITI5676BIVU8F0E4206.TMP' /ErrorStdOut "%TEMP%\~FKAK63K63TIUXV97BX676XB698S990T.TMP"
- %TEMP%\aut1.tmp
- %TEMP%\~DFF1AC0545BUITI5676BIVU8F0E4206.TMP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\chk[1].php
- %TEMP%\~FKAK63K63TIUXV97BX676XB698S990T.TMP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\chk[1].php
- %APPDATA%\svchost.ymr.pif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cmd[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\chk[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\chk[1].php
- %TEMP%\aut1.tmp
- 'np###.esy.es':80
- np###.esy.es/cmd.txt
- np###.esy.es/chk.php
- DNS ASK np###.esy.es