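Техническая информация
Примечание: заголовки разделов исходного отчёта в этом фрагменте не сохранились, поэтому тип операции для каждой строки (создание, удаление, запуск) здесь не указан; пути, встречающиеся дважды, вероятно, входят в два разных списка.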
- Запись автозапуска (раздел реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '54xy5' = '<SYSTEM32>\54xy5.exe'
- %TEMP%\GLJ2.tmp <SYSTEM32>\Mswinsck.ocx <SYSTEM32>\shdocvw.dll <SYSTEM32>\Msinet.ocx
- <SYSTEM32>\sec530.exe /REGSERVER
- <SYSTEM32>\~GLH0006.TMP
- %TEMP%\RGI7.tmp
- <SYSTEM32>\~GLH0005.TMP
- C:\SYSSEC\BACKUP\Shdocvw.dll
- <SYSTEM32>\54xy5.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adconfig.hxware[1]
- C:\SYSSEC\INSTALL.LOG
- %TEMP%\GLK3.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0003.TMP
- %TEMP%\~GLH0000.TMP
- <SYSTEM32>\~GLH0001.TMP
- %TEMP%\GLK3.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\RGI7.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLF6.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\~GLH0006.TMP
- <SYSTEM32>\~GLH0005.TMP
- C:\SYSSEC\BACKUP\Shdocvw.dll
- 'ad####ig.hxware.com':80 (символы «#» здесь и далее, по-видимому, маскируют часть имени узла и не входят в само имя)
- 'localhost':1038
- 'www.16#.com':80
- ad####ig.hxware.com/
- www.16#.com/
- DNS ASK ad####ig.hxware.com
- DNS ASK www.16#.com
- '<IP-адрес в локальной сети>':1035
- Окно: ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)