Техническая информация
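- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{F0068CCB-2663-4514-A58E-60A22D56070E}] 'StubPath' = '' (ключ Active Setup: команда из параметра StubPath выполняется при входе пользователя в систему, один раз для каждой учётной записи; значение на странице приведено пустым)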
- '<SYSTEM32>\wscript.exe' "%TEMP%\152f_6e54.vbs" //B //Nologo
- '<SYSTEM32>\rundll32.exe' "%CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.dll",AppStartup FirstStart
- NtDeviceIoControlFile, драйвер-обработчик: {F0068CCB-2663-4514-A58E-60A22D56070E}.sys
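- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000' (зона 3 — «Интернет»; параметр 1400 — «Активные сценарии», значение 0 — «разрешить», то есть выполнение сценариев для сайтов из зоны «Интернет» включено без запроса)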
- %TEMP%\152f_6e54.vbs.RetData.txt
- %CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.pif
- %CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.sys
- %TEMP%\_5965_.ocx
- %CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.dll
- %TEMP%\152f_6e54.vbs
- %TEMP%\152f_6e54.vbs.RetData.txt
- %CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.sys.zip
- %CommonProgramFiles%\Microsoft Shared\Triedit\{F0068CCB-2663-4514-A58E-60A22D56070E}.dll
- %TEMP%\152f_6e54.vbs
- 'www.va###remoli.com':80
- http://2b####b3872b387.com/2011/logo.gif via www.va###remoli.com
- DNS ASK www.va###remoli.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''