Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'explorer' = 'rundll32 "%WINDIR%\tasks\winsvr.dll",exe'
- %WINDIR%\Tasks\winsvr.dll
- '<SYSTEM32>\rundll32.exe' %WINDIR%\tasks\winsvr.dll,exe
- '<SYSTEM32>\rundll32.exe' %WINDIR%\tasks\winsvr.dll,install
- 'we####re.zapto.org':80
- http://we####re.zapto.org/js/write.asp?ac#################################
- DNS ASK we####re.zapto.org