Техническая информация
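- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Cleanup' = 'C:\cleanup.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%WINDIR%S\svchost.exe'
  (Оба параметра находятся в ключах автозапуска: запись в RunOnce выполняется один раз при следующем входе в систему, запись в Run — при каждом входе пользователя. Имя 'svchost' совпадает с именем системного процесса, легитимный svchost.exe расположен в <SYSTEM32> и через ключ Run не запускается, поэтому такую запись следует проверять как возможную маскировку. Путь приведён так, как он записан в источнике.)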
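- [<HKLM>\SYSTEM\ControlSet001\Services\ehtfnq] 'Start' = '00000000'
  (Значение Start = 0 соответствует типу запуска SERVICE_BOOT_START: служба-драйвер загружается на этапе загрузки системы. Какой файл драйвера соответствует службе ehtfnq, в этом тексте не указано.)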
- 'C:\KIL\GOL0029.exe' /nogui C:\KIL\GOL0030.txt
- 'C:\active\action.exe'
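  (Подзаголовки списков в этом тексте не сохранились, поэтому по одним только путям ниже нельзя определить, какие файлы создаются, изменяются или удаляются; повторяющиеся пути, по-видимому, относятся к разным подспискам исходного отчёта.)
- C:\cleanup.bat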
- C:\zip.exe
- %WINDIR%\GOL
- C:\cleanup.exe
- <DRIVERS>\cpoitco.sys
- C:\KIL\GOL0029.exe
- C:\active\action.exe
- <SYSTEM32>\ntdazdt.txt
- C:\KIL\GOL0030.txt
- C:\active\action.exe
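- '96.#.50.212':80
- 96.#.50.212/meu1.php
  (Второй октет адреса заменён в источнике символом «#», поэтому адрес неполный и не может использоваться как точный сетевой индикатор без сверки с первичным отчётом. Порт 80 и путь /meu1.php, по-видимому, указывают на обращение по HTTP.)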
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: '' WindowName: 'action.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''