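Техническая информация
Примечание: подзаголовки разделов в этом фрагменте, по-видимому, не сохранились, поэтому ниже вперемешку перечислены изменения в реестре, запускаемые процессы, файловые и сетевые действия. Значение 'Start' = '00000002' в ключе службы соответствует автоматическому запуску. svchost.exe, conhost.exe и rundll32.exe из <SYSTEM32> — штатные компоненты Windows и сами по себе индикаторами не являются; наиболее характерны в этом списке файл %WINDIR%\Temp\kavtem.dll и его запуск через rundll32.exe с экспортом update.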
- %WINDIR%\Tasks\SCHEDLGU.TXT
- [<HKLM>\SYSTEM\ControlSet001\services\WZCSVC] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\BITS] 'Start' = '00000002'
- '<SYSTEM32>\conhost.exe' /c del 9999\i386\qmgr.dll
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\rundll32.exe' %WINDIR%\temp\kavtem.dll,update
- <SYSTEM32>\svchost.exe
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- %WINDIR%\Temp\kavtem.dll
- %WINDIR%\Temp\kavtem.dll
- 'localhost':5357
- DNS ASK dn#.##ftncsi.com
- 'localhost':58824
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''