Техническая информация
- Автозапуск через ключ реестра RunOnce: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '%HOMEPATH%\8pdi11285' = '%HOMEPATH%\8pdi11285\domridodhu.vbs'
- '%TEMP%\tmp.exe'
- '%HOMEPATH%\8pdi11285\MSW.exe' ltuyxe
- '%TEMP%\tmp.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\8pdi11285\run.vbs"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\8pdi11285\domridodhu.vbs
- %HOMEPATH%\8pdi11285\hxzpgvr.cmd
- %TEMP%\tmp.exe
- %HOMEPATH%\8pdi11285\run.vbs
- %HOMEPATH%\8pdi11285\MSW.exe
- %HOMEPATH%\8pdi11285\ipchu.VYW
- %HOMEPATH%\8pdi11285\oybyeqwj.PHA
- %HOMEPATH%\8pdi11285\ltuyxe
- %HOMEPATH%\8pdi11285\hxzpgvr.cmd
- %HOMEPATH%\8pdi11285\domridodhu.vbs
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\tmp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ogo[1].exe
- 'localhost':1040
- 'localhost':1041
- 'localhost':1037
- 'ug###serv.ru':80
- ug###serv.ru/images/ogo.exe
- DNS-запрос: ug###serv.ru
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''