Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe %PROGRAM_FILES%\Adobe\acd\0nup.exe'
- %PROGRAM_FILES%\sys.log
- C:\sys1.bin
- %PROGRAM_FILES%\Adobe\acd\acd98.dll
- %WINDIR%\Help\winX0.hlp
- %PROGRAM_FILES%\Adobe\acd\0nup.exe
- 'www.17##s.com':80
- 'localhost':1036
- www.17##s.com/sysook/list.b?7b################
- DNS ASK www.17##s.com