Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\WinDC] 'Start' = '00000002'
- User Account Control (UAC)
- '<SYSTEM32>\svchqst.exe'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- %WINDIR%\Temp\aut2.tmp
- %WINDIR%\Temp\xosvapo
- <SYSTEM32>\svchqst.exe
- %TEMP%\aut1.tmp
- %TEMP%\nywlcoj
- %WINDIR%\Temp\aut2.tmp
- %WINDIR%\Temp\xosvapo
- %TEMP%\aut1.tmp
- %TEMP%\nywlcoj
- '1s#.#ytes.net':80
- 1s#.#ytes.net/change/windc.php?ap###############################
- DNS ASK 1s#.#ytes.net