Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\myservice] 'Start' = '00000002'
- '<SYSTEM32>\at.exe'
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\223.bat" "
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\223.bat" "
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\ttim138[1]
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\aa1[1].asp
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\bb1[1].asp
- <Текущая директория>\223.bat
- <SYSTEM32>\223.bat
- C:\Documents and Settings\LocalService\Favorites\Desktop.ini
- C:\Documents and Settings\LocalService\Favorites\Desktop.ini
- 'localhost':1042
- 'localhost':1044
- 'www.tt##138.com':80
- 'du#####81721.oicp.net':6600
- 'localhost':1040
- www.tt##138.com/bb1.asp
- www.tt##138.com/aa1.asp
- www.tt##138.com/
- DNS ASK www.tt##138.com
- DNS ASK du#####81721.oicp.net
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''