Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Javaw' = '"%PROGRAM_FILES%\Java\jre8\bin\javaw.exe" -jar "%APPDATA%\Roaming\Javaw TM\Javaw.dmC"'
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Roaming\Javaw TM"
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Roaming\Javaw TM\*.*"
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Javaw /t REG_SZ /d "\"%PROGRAM_FILES%\Java\jre8\bin\javaw.exe\" -jar \"%APPDATA%\Roaming\Javaw TM\Javaw.dmC\"" /f
- %APPDATA%\Roaming\Javaw TM\Javaw.dmC
- %APPDATA%\Roaming\Javaw TM\Desktop.ini
- %HOMEPATH%\C0et0r3s7X.tmp
- %APPDATA%\Roaming\Javaw TM\Javaw.dmC
- %APPDATA%\Roaming\Javaw TM\Desktop.ini
- %HOMEPATH%\C0et0r3s7X.tmp
- 'Mo######Firefox.no-ip.biz':3333
- DNS ASK dn#.##ftncsi.com
- DNS ASK Mo######Firefox.no-ip.biz