Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\IPRIP] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\net1.exe' start IPRIP
- %WINDIR%\Temp\FFkGEJXO9g.ini
- C:\Documents and Settings\LocalService\Application Data\KBrKcMIZRHzHchBS\aXDIoVBGLrATlRWDjrYruAueKhmS
- C:\Documents and Settings\LocalService\Application Data\vdvmEzE\YX.dll
- %TEMP%\QCnjowSxq.dll
- %WINDIR%\Temp\K7oOrW3QNB.ini
- %WINDIR%\Temp\Y2cc5Acanle.ini
- %WINDIR%\Temp\Y2cc5Acanle.ini
- C:\Documents and Settings\LocalService\Application Data\KBrKcMIZRHzHchBS\aXDIoVBGLrATlRWDjrYruAueKhmS.tmp
- %WINDIR%\Temp\K7oOrW3QNB.ini
- %WINDIR%\Temp\FFkGEJXO9g.ini
- C:\Documents and Settings\LocalService\Application Data\KBrKcMIZRHzHchBS\aXDIoVBGLrATlRWDjrYruAueKhmS в C:\Documents and Settings\LocalService\Application Data\KBrKcMIZRHzHchBS\aXDIoVBGLrATlRWDjrYruAueKhmS.tmp
- 'pc.##push.cn':8282
- 'www.16#.com':80
- www.16#.com/404.html
- DNS ASK pc.##push.cn
- DNS ASK www.16#.com
- DNS ASK ud#.#1tyx.cn