Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dllhost' = '%TEMP%\dllhost.exe'
- Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v "DisableTaskMgr" /t REG_DWORD /d "1"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v "DisableRegistryTools" /t REG_DWORD /d "1"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "dllhost" /t REG_SZ /d "%TEMP%\dllhost.exe"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v "EnableLUA" /t REG_DWORD /d "1"
- %TEMP%\dllhost.exe
- 'www.nt##cks.net':80
- www.nt##cks.net/vb-bin/locker_settings.txt
- DNS ASK www.nt##cks.net
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'