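Техническая информация
(Подзаголовки разделов в этой копии отчёта не сохранились. По содержанию пункты ниже идут группами: изменение параметра реестра службы Wks, запускаемые команды, пути к файлам, сетевые адреса и запросы, классы окон. Значение 'Start' = 2 в ключе службы соответствует автоматическому запуску. Повторяющиеся пути (C:\Wks.dll, C:\sb1.reg), по-видимому, относятся к разным утраченным разделам. Символы «##» в именах доменов, судя по всему, — маскировка, внесённая автором отчёта, а не часть реальных имён.)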
- [<HKLM>\SYSTEM\ControlSet001\Services\Wks] 'Start' = '00000002'
- '<SYSTEM32>\net1.exe' stop Wks
- '<SYSTEM32>\net1.exe' start Wks
- '<SYSTEM32>\net.exe' stop Wks
- '%WINDIR%\regedit.exe' /s c:\sb1.reg
- '<SYSTEM32>\sfc.exe' /cancel
- <SYSTEM32>\Wks.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\2[1].htm
- C:\1.htm
- <SYSTEM32>\dllcache\Wks.dll
- C:\sb1.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Wks[1].dll
- C:\Wks.dll
- C:\Wks.dll
- C:\sb1.reg
- 'www.37##.com':80
- 'www.cj##8.net':80
- 'localhost':1036
- www.37##.com/temp/2.htm
- www.cj##8.net/Wks.dll
- DNS ASK www.37##.com
- DNS ASK www.cj##8.net
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'