Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sytsom' = '%PROGRAM_FILES%\Nmrv\sytsom.exe' (запись в ключе Run раздела HKLM — автозапуск файла при входе в систему любого пользователя)
- '%PROGRAM_FILES%\Nmrv\sytsom.exe'
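- %TEMP%\d41d8cd98f00b204e9800998ecf8427e.zip (имя файла совпадает с MD5-хешем пустых данных, поэтому оно не является хешем образца и не должно использоваться как хеш-индикатор)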
- %PROGRAM_FILES%\Nmrv\sys.dll
- %PROGRAM_FILES%\Nmrv\sytsom.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cgi_get_portrait[1].fcg
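- 'ba##.#zone.qq.com':80 (символы «#» — по-видимому, маскировка части адреса в отчёте; домен qq.com принадлежит легитимному сервису, поэтому один лишь сетевой индикатор без файловых и реестровых признаков ненадёжен)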
- 'localhost':1035
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui####################
- DNS ASK ba##.#zone.qq.com