Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\illegalBlock] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\smss\smss.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\illegalBlock] 'Start' = '00000002'
- '%ALLUSERSPROFILE%\Application Data\smss\smss.exe' (downloaded from the Internet)
- %ALLUSERSPROFILE%\Application Data\smss\smss.exe
- %ALLUSERSPROFILE%\Application Data\~illegalblock.tmp
- '11#.#4.96.190':80
- http://11#.#4.96.190/~attacker/zbManager.exe
- http://11#.#4.96.190/~attacker/gamelist.php