Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'X9vaNgRO.exe' = '%WINDIR%\X9vaNgRO.exe'
- Security Center
- '<SYSTEM32>\reg.exe' ADD "HKLM\Software\Microsoft\Security Center" /v UpdatesDisableNotify /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /d Z /f
- C:\prefs.js
- %WINDIR%\X9vaNgRO.log
- C:\X9vaNgRO.exe
- %WINDIR%\Active.bat
- %WINDIR%\Active2.bat
- %WINDIR%\X9vaNgRO.exe
- %WINDIR%\Active2.bat
- %WINDIR%\X9vaNgRO.log
- %WINDIR%\X9vaNgRO.exe
- %WINDIR%\Active.bat
- 'www.in####mail.com.br':80
- www.in####mail.com.br/proxy/RGM0BZ6Z4ZYCL359WUBH/?MD##################################
- www.in####mail.com.br/proxy/RGM0BZ6Z4ZYCL359WUBH/Z
- DNS ASK www.in####mail.com.br
- ClassName: 'Indicator' WindowName: ''