Техническая информация
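Изменения в реестре (ключи автозапуска). Имена значений и файлов выглядят случайно сгенерированными, а одно и то же значение встречается с разными исполняемыми файлами, поэтому для обнаружения надёжнее сам факт записи в эти ключи, чем конкретные имена:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\njulccsnyqrubdawsv.exe .'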
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'ljwpikczmgjoxbaywbhf.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'yvhzrsjfrkmqybzwtxc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'aznhbexvjeioyddcbhonb.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'ezjzpodxhyyaghdyt.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\yvhzrsjfrkmqybzwtxc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'njulccsnyqrubdawsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'aznhbexvjeioyddcbhonb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'aznhbexvjeioyddcbhonb.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'ezjzpodxhyyaghdyt.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'yvhzrsjfrkmqybzwtxc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\xrapecqjsihinnic.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'yvhzrsjfrkmqybzwtxc.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'xrapecqjsihinnic.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\ljwpikczmgjoxbaywbhf.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xloxgygtwg' = '%TEMP%\xrapecqjsihinnic.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nzahoekv' = 'ezjzpodxhyyaghdyt.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\xrapecqjsihinnic.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\njulccsnyqrubdawsv.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\yvhzrsjfrkmqybzwtxc.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\xrapecqjsihinnic.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'njulccsnyqrubdawsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'ljwpikczmgjoxbaywbhf.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'ezjzpodxhyyaghdyt.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\ezjzpodxhyyaghdyt.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xloxgygtwg' = '%TEMP%\yvhzrsjfrkmqybzwtxc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nzahoekv' = 'yvhzrsjfrkmqybzwtxc.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\ljwpikczmgjoxbaywbhf.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'njulccsnyqrubdawsv.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\xrapecqjsihinnic.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\ezjzpodxhyyaghdyt.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\ezjzpodxhyyaghdyt.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\ezjzpodxhyyaghdyt.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\yvhzrsjfrkmqybzwtxc.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'ljwpikczmgjoxbaywbhf.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'xrapecqjsihinnic.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'yvhzrsjfrkmqybzwtxc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'ezjzpodxhyyaghdyt.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = 'njulccsnyqrubdawsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lvuzes' = 'xrapecqjsihinnic.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xloxgygtwg' = '%TEMP%\ljwpikczmgjoxbaywbhf.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nzahoekv' = 'ljwpikczmgjoxbaywbhf.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'xrapecqjsihinnic.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xloxgygtwg' = '%TEMP%\aznhbexvjeioyddcbhonb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xloxgygtwg' = '%TEMP%\njulccsnyqrubdawsv.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nzahoekv' = 'xrapecqjsihinnic.exe .'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\ljwpikczmgjoxbaywbhf.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\yvhzrsjfrkmqybzwtxc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\aznhbexvjeioyddcbhonb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\aznhbexvjeioyddcbhonb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\ljwpikczmgjoxbaywbhf.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rzwz' = '%TEMP%\njulccsnyqrubdawsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'krn' = '%TEMP%\njulccsnyqrubdawsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ertbjahtv' = '%TEMP%\aznhbexvjeioyddcbhonb.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = '%TEMP%\aznhbexvjeioyddcbhonb.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nzahoekv' = 'njulccsnyqrubdawsv.exe .'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yjjpvkp' = 'aznhbexvjeioyddcbhonb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ajhlp' = 'ljwpikczmgjoxbaywbhf.exe .'
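Вводные фразы следующих трёх пунктов на странице не сохранились; судя по форме слов, речь, вероятно, идёт о блокировке отображения или запуска перечисленного:
- скрытых файлов
- Редактора реестра (RegEdit)
- Средство контроля пользовательских учетных записей (UAC)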
- '%TEMP%\yjjpvkp.exe' "-"
- %PROGRAM_FILES%\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- <SYSTEM32>\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- <LS_APPDATA>\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %TEMP%\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %WINDIR%\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %TEMP%\flghissxsufsjvciobpvqrsc.hce
- <SYSTEM32>\flghissxsufsjvciobpvqrsc.hce
- %TEMP%\yjjpvkp.exe
- %PROGRAM_FILES%\flghissxsufsjvciobpvqrsc.hce
- %WINDIR%\flghissxsufsjvciobpvqrsc.hce
- <LS_APPDATA>\flghissxsufsjvciobpvqrsc.hce
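Список ниже повторяет предыдущий, но без %TEMP%\yjjpvkp.exe; вероятно, это отдельный раздел исходного отчёта, заголовок которого не сохранился:
- %PROGRAM_FILES%\oflxjepflyusurjarpoflxjepflyusurjar.ofl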
- <SYSTEM32>\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- <LS_APPDATA>\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %TEMP%\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %WINDIR%\oflxjepflyusurjarpoflxjepflyusurjar.ofl
- %PROGRAM_FILES%\flghissxsufsjvciobpvqrsc.hce
- <SYSTEM32>\flghissxsufsjvciobpvqrsc.hce
- <LS_APPDATA>\flghissxsufsjvciobpvqrsc.hce
- %TEMP%\flghissxsufsjvciobpvqrsc.hce
- %WINDIR%\flghissxsufsjvciobpvqrsc.hce
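Сетевые подключения (хост:порт; часть символов в именах и адресах заменена на «#» в самом источнике). Судя по видимым частям имён, многие из этих узлов — общедоступные сайты и сервисы определения внешнего IP-адреса, поэтому без дополнительной проверки они не годятся как индикаторы для блокировки. При мониторинге отдельного внимания заслуживают обращения к адресам локальной сети на порты 139 и 445:
- 'www.ad##e.com':80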
- 'www.bl##ger.com':80
- '<IP-адрес в локальной сети>':139
- '<IP-адрес в локальной сети>':80
- '12#.#25.114.144':80
- 'www.bb#.co.uk':80
- 'www.im##.com':80
- 'www.yo##ube.com':80
- '<IP-адрес в локальной сети>':445
- 'www.sh####ipaddress.com':80
- 'www.wh###smyip.ca':80
- 'wh#####yipaddress.com':80
- 'www.wh###smyip.com':80
- 'www.eb##.com':80
- 'www.fa###ook.com':80
- 'wh#####yip.everdot.org':80
- 'www.my##ace.com':80
- http://www.bl##ger.com/
- http://www.ad##e.com/
- http://www.fa###ook.com/
- http://www.im##.com/
- http://www.bb#.co.uk/
- http://www.ba##u.com/ via 12#.#25.114.144
- http://www.yo##ube.com/
- http://www.sh####ipaddress.com/
- http://www.wh###smyip.com/
- http://wh#####yipaddress.com/
- http://www.wh###smyip.ca/
- http://www.eb##.com/
- http://www.my##ace.com/
- http://wh#####yip.everdot.org/
- DNS ASK www.bl##ger.com
- DNS ASK www.ad##e.com
- DNS ASK www.fa###ook.com
- DNS ASK www.im##.com
- DNS ASK www.bb#.co.uk
- DNS ASK www.ba##u.com
- DNS ASK www.yo##ube.com
- DNS ASK www.sh####ipaddress.com
- DNS ASK www.wh###smyip.com
- DNS ASK wh#####yipaddress.com
- DNS ASK www.wh###smyip.ca
- DNS ASK www.eb##.com
- DNS ASK www.my##ace.com
- DNS ASK wh#####yip.everdot.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''