Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe %PROGRAM_FILES%\bpcdr\pqefzhr.exe'
- '<SYSTEM32>\attrib.exe' "%HOMEPATH%\Desktop\在线小说.url" +R +S
- '<SYSTEM32>\attrib.exe' "%HOMEPATH%\Desktop\在线电影.url" +R +S
- '<SYSTEM32>\attrib.exe' "%HOMEPATH%\Desktop\创业投资好项目.url" +R +S
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\搞笑视频.url" /p everyone:R
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\在线小说.url" /p everyone:R
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\在线电影.url" /p everyone:R
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\创业投资好项目.url" /p everyone:R
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\搞笑视频.url" /p everyone:f
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\lnk.bat
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\创业投资好项目.url" /p everyone:f
- '<SYSTEM32>\attrib.exe' "%HOMEPATH%\Desktop\搞笑视频.url" +R +S
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\在线小说.url" /p everyone:f
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Desktop\在线电影.url" /p everyone:f
- <SYSTEM32>\svchost.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
- %TEMP%\lnk.bat
- 'cy.##815.com':80
- '61.##7.107.4':88
- 'www.33##.org':80
- 'localhost':1040
- cy.##815.com/up_2.asp?a=###########################
- www.33##.org/dyndns/getip
- DNS ASK cy.##815.com
- DNS ASK www.33##.org
- ClassName: 'Shell_TrayWnd' WindowName: ''