Техническая информация
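- [<HKLM>\SYSTEM\ControlSet001\Services\Windows32] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002' (то же значение — автоматический запуск)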
- <DRIVERS>\beep.sys
- <DRIVERS>\beep.sys
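- 'C:\svchost.exe' (имя совпадает с системным svchost.exe, но файл расположен в корне диска C:, а не в <SYSTEM32>)
- '<SYSTEM32>\exploiar.EXE'
- 'C:\asktao.exe'
- 'C:\system32.exe'
- 'C:\explorer.exe' (не путать с системным '%WINDIR%\explorer.exe', который указан ниже отдельно)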
- '%WINDIR%\WenDaoWaiGua.exe'
- 'C:\asktao.exe' (загружен из сети Интернет)
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\uninstal.bat
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\134562.bat" "
- %WINDIR%\explorer.exe
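- NtDeviceIoControlFile, драйвер-обработчик: Beep.sys (то есть вызов этой системной функции обрабатывает Beep.sys, а не ядро, — по-видимому, это признак перехвата функции)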
- %WINDIR%\WenDaoWaiGua.exe
- %TEMP%\134562.bat
- %WINDIR%\uninstal.bat
- C:\asktao.exe
- <SYSTEM32>\exploiar.EXE
- C:\explorer.exe
- C:\system32.exe
- C:\svchost.exe
- <SYSTEM32>\wdsys.dll
- %TEMP%\dll937.dll
- <SYSTEM32>\exploiar.EXE
- %WINDIR%\WenDaoWaiGua.exe
- C:\svchost.exe
- C:\explorer.exe
- C:\system32.exe
- 'wd.##35g.com':80
- 'gg.##522.com':8806
- 'm1###0.gicp.net':8806
- 'm1###0.gicp.net':9999
- 'm1###0.gicp.net':8000
- wd.##35g.com/wd_mm/wd_mm_1235g.exe
- DNS ASK gg.##522.com
- DNS ASK wd.##35g.com
- DNS ASK m1###0.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'