Техническая информация
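Автозапуск — значение в ключе реестра Run (имя значения и путь, по-видимому, имитируют Adobe Reader; штатный исполняемый файл Adobe Reader называется AcroRd32.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdobeReader' = '"%PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Acrofxs32.exe"'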
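Файлы (тип операции — создание, изменение или удаление — в этом фрагменте не указан; часть путей повторяется):
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Teste.rar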
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Acrofxs32.exe
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\urls.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\urls[1].txt
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Log1.Txt
- <Текущая директория>\unrar.dll
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Log2.Txt
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\installAll.ini
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Log2.Txt
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Acrofxs32.exe
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Log1.Txt
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\installAll.ini
- %PROGRAM_FILES%\Adobe\Reader 8.0\Reader\Teste.rar
Сетевые подключения, хост:порт (имена доменов частично скрыты символами #):
- 'id###yhul.com':80
- 'ip###line.com':80
- 'fa####tteamx.com':80
- 'localhost':1039
Запрашиваемые ресурсы (схема и метод запроса не указаны):
- fa####tteamx.com/urls.txt
- ip###line.com/img/layout/Tela01Entrada.bmp
- fa####tteamx.com/log1.txt
- fa####tteamx.com/log2.txt
- id###yhul.com/_cvz/sfx.php
DNS-запросы:
- DNS ASK ip###line.com
- DNS ASK id###yhul.com
- DNS ASK fa####tteamx.com
Окна (имя класса; заголовок во всех записях пуст):
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'TAntiVirusSkyWorm' WindowName: ''