Техническая информация
- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rfgvnudnkfvcrnpkbqurerphou' = '%APPDATA%\wjewiccgge.exe'
- Файл в папке автозагрузки: %HOMEPATH%\Start Menu\Programs\Startup\ledmnbpfznux.exe
- %APPDATA%\wjewiccgge.exe
- %TEMP%\nst2.tmp\tromometer.dll
- %APPDATA%\tromometer.krv
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].htm
- %TEMP%\nst2.tmp\tromometer.dll
- Сетевое соединение: 'www.ci####ersuasion.com':80
- Запрошенный адрес: www.ci####ersuasion.com/index.php
- DNS-запрос (DNS ASK): www.ci####ersuasion.com