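Техническая информация
Примечание: символ «#» недопустим в DNS-именах, поэтому последовательности «#» в сетевых адресах ниже, по всей видимости, являются маской, скрывающей часть адреса; в таком виде эти значения подходят только для сопоставления по шаблону, но не для точного сравнения.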
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'spool' = ''
- [<HKLM>\SOFTWARE\Classes\CLSID\{85AEFBE8-763F-0647-899C-A93278894599}\Shell\Open\Command] '' = '%PROGRAM_FILES%\Internet Explorer\iexplore.exe '
- %WINDIR%\regedit.exe /s reg.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\k1111[1].gif
- <SYSTEM32>\spool1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\K1111[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\tie[1].txt
- <Текущая директория>\reg.dat
- 'tx.##8bmw.com':80
- 'www.68##mw.com':80
- www.68##mw.com/K1111.gif
- tx.##8bmw.com/k1111.gif
- www.68##mw.com/tie.txt
- www.68##mw.com/install.asp?ac#################################################################################################################
- DNS ASK tx.##8bmw.com
- DNS ASK www.68##mw.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''