Техническая информация
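Автозапуск через ключ реестра Run (имя параметра и путь, по всей видимости, имитируют планировщик обновлений Java):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SunJavaUpdateScheduler' = '%PROGRAM_FILES%\Java Runtime Environment\jusched.exe'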
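Запускаемые процессы (судя по формату записи; вызов rundll32.exe с dfdts.dll относится к штатной диагностике дисков Windows и, вероятно, является фоновой активностью системы, а не образца):
- '%PROGRAM_FILES%\Java Runtime Environment\jusched.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART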
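Файловые артефакты (пути ниже повторяются; по-видимому, это несколько списков — например, создаваемых и удаляемых файлов, — подзаголовки которых утрачены):
- %TEMP%\autF20B.tmp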
- %TEMP%\autEA7D.tmp
- %TEMP%\scare.mp3
- %TEMP%\scare.bmp
- %TEMP%\autF22B.tmp
- %PROGRAM_FILES%\Java Runtime Environment\jusched.exe
- %TEMP%\jusched.exe
- %TEMP%\autE06F.tmp
- %TEMP%\autE10C.tmp
- %PROGRAM_FILES%\jusched.exe
- %TEMP%\jusched2.exe
- %PROGRAM_FILES%\Java Runtime Environment\jusched.exe
- %PROGRAM_FILES%\jusched.exe
- %TEMP%\autEA7D.tmp
- %TEMP%\autF20B.tmp
- %TEMP%\autF22B.tmp
- %TEMP%\jusched2.exe
- %TEMP%\autE06F.tmp
- %TEMP%\autE10C.tmp
- %TEMP%\jusched.exe
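Сетевая активность (часть имени домена в отчёте скрыта символами ###, поэтому при поиске в журналах прокси и DNS стоит опираться на видимую часть имени и пути запросов):
- 'www.av###r.xaa.pl':80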
- www.av###r.xaa.pl/avatar/clients.php
- www.av###r.xaa.pl/avatar/commandGETAll.php
- www.av###r.xaa.pl/avatar/commandGET.php
- DNS ASK www.av###r.xaa.pl