Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fcts' = 'c:\LIN.lnk'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'fct' = 'c:\fct.exe'
- 'C:\fct.exe'
- C:\Zesr68f4.dll
- C:\LIN.lnk
- C:\fct.dll
- C:\fct.exe
- 'fe###.qzone.qq.com':80
- fe###.qzone.qq.com/cgi-bin/cgi_rss_out?ui#########
- DNS ASK fe###.qzone.qq.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'