Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'C:\server.exe'
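- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360Цч¶Ї·АУщ' = 'C:WINDOWS\SHELLNEW\sever.exe' (имя параметра, по-видимому, записано в кодировке GBK и показано здесь в CP1251; в GBK те же байты читаются как «360主动防御», то есть «360 активная защита»; при поиске по реестру стоит проверять оба варианта написания)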
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\firefox.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE
- C:\Far2\Far.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE
- 'C:\server.exe'
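- 'C:\DNFГлЖЖІЦїв.exe' (имя файла, по-видимому, записано в кодировке GBK и показано здесь в CP1251; в GBK те же байты читаются как «DNF秒破仓库.exe»)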
- '<SYSTEM32>\reg.exe' add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 360Цч¶Ї·АУщ /d C:WINDOWS\SHELLNEW\sever.exe /f
- %TEMP%\oia2.tmp
- C:\SkinH_EL.dll
- C:\DNFГлЖЖІЦїв.exe
- C:\server.exe
- C:\SkinH_EL.dll
- %TEMP%\oia2.tmp
- 'sk####155.vicp.cc':8046
- 'www.dn###aotian.com':80
- www.dn###aotian.com/v2.11.htm
- DNS ASK sk####155.vicp.cc
- DNS ASK www.dn###aotian.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'