Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wz' = '<Текущая директория>\syste.exe'
- <SYSTEM32>\SkinH_EL.dll
- %TEMP%\aero.she
- %TEMP%\E_N4\shell.fne
- %TEMP%\E_N4\krnln.fnr
- %TEMP%\E_N4\HtmlView.fne
- 'www.52##uo.com':80
- 'localhost':1036
- http://www.52##uo.com/
- DNS ASK www.52##uo.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''