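Техническая информация
Примечание: заголовки разделов в этом перечне не сохранились, поэтому роль каждой записи (создание, запуск, удаление файла и т. п.) из текста не определяется; повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта.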
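- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe rvbw.nxo lekymn' — изменён параметр Shell, определяющий оболочку, запускаемую при входе пользователя: к штатному значению 'Explorer.exe' дописан вызов rundll32.exe для rvbw.nxo. При проверке системы этот параметр стоит сверить со значением по умолчанию.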
- <SYSTEM32>\svchost.exe
- %WINDIR%\regedit.exe -s c:\regpatch.reg (ключ -s — импорт .reg-файла в реестр без запроса подтверждения)
- %TEMP%\mldr15feb.exe
- %TEMP%\Alcohol.exe
- %TEMP%\4.tmp
- <SYSTEM32>\rvbw.nxo
- C:\regpatch.reg
- %TEMP%\7za.exe
- %TEMP%\nsw2.tmp
- %TEMP%\a1.7z
- %TEMP%\nsn3.tmp\ExecDos.dll
- %TEMP%\a2.7z
- %TEMP%\mldr15feb.exe
- C:\regpatch.reg
- %TEMP%\nsn3.tmp\ExecDos.dll
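- 'fl####ideomovie.com':80 (символы # здесь и в записях ниже, по-видимому, скрывают часть имени узла и параметра запроса в источнике и не входят в них буквально)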
- fl####ideomovie.com/control/bb.php?v=##################################
- DNS ASK fl####ideomovie.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''