Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rfgvnudnkfvcrnpkbqurerphou' = '%APPDATA%\wjewiccgge.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\ledmnbpfznux.exe
- %APPDATA%\wjewiccgge.exe
- %TEMP%\nsg2.tmp\diffusion.dll
- %APPDATA%\diffusion.g
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].htm
- %TEMP%\nsg2.tmp\diffusion.dll
- 'www.ci####ersuasion.com':80
- www.ci####ersuasion.com/index.php
- DNS ASK www.ci####ersuasion.com