Техническая информация
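Изменения в реестре (автозапуск через ключ Run и отключение брандмауэра Windows; имя параметра 'wmiprvs' похоже на имя системного процесса wmiprvse.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wmiprvs' = '%WINDIR%\opk\opk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'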
Запускаемые процессы и команды:
- '%PROGRAM_FILES%\Windows NT\vvt.exe'
- '<SYSTEM32>\cmd.exe' /c "%PROGRAM_FILES%\Windows NT\vvt.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM vvt.exe
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\Windows NT\firewall.vbs"
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v wmiprvs /d "%WINDIR%\opk\opk.exe" /f
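Файлы, затрагиваемые в файловой системе (заголовки подразделов в этом фрагменте не сохранились, поэтому по списку нельзя определить, какие файлы создаются, а какие изменяются или удаляются; повторы путей, вероятно, относятся к разным подразделам):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\down[1].txt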
- %WINDIR%\cjjjacijd.dat
- %PROGRAM_FILES%\RarEx.exe
- %PROGRAM_FILES%\Windows NT\vvt.exe
- %PROGRAM_FILES%\Windows NT\1.bat
- %PROGRAM_FILES%\Windows NT\firewall.vbs
- %PROGRAM_FILES%\RarEx.exe
- %PROGRAM_FILES%\Windows NT\vvt.exe
- %WINDIR%\cjjjacijd.dat
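Сетевая активность (символы ## не могут входить в имя хоста; по-видимому, домен в источнике частично скрыт, и в таком виде он не годится как индикатор для точного сопоставления):
- 'www.91##ux.com':80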
- 'localhost':1038
- www.91##ux.com/918/down.txt
- DNS ASK www.91##ux.com
Окна (класс и заголовок), фигурирующие в отчёте; по-видимому, это окна, которые ищет образец:
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'