Техническая информация
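- %HOMEPATH%\Start Menu\Programs\Startup\winlogon.exe (файл в папке автозагрузки пользователя; имя совпадает с системным процессом Windows, штатный winlogon.exe находится в <SYSTEM32>)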
- %HOMEPATH%\Start Menu\Programs\Startup\axaa.exe
- %HOMEPATH%\Start Menu\Programs\Startup\axaa.exe
- <SYSTEM32>\ntvdm.exe -f -i1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ip[1].php
- %HOMEPATH%\scnd.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\contry[1].php
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %HOMEPATH%\uid.txt
- %TEMP%\wim.txt
- %HOMEPATH%\lolz.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\contry[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\contry[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\contry[1].php
- 'localhost':1040
- 'localhost':1043
- 'localhost':1037
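- '19#.#8.132.107':80 (символы «#», по-видимому, заменяют скрытые в источнике цифры адреса; для точного сопоставления индикатор неполон)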
- 19#.#8.132.107/pp//ip.php
- 19#.#8.132.107/pp//winlogon.bin
- 19#.#8.132.107/pp//contry.php
- 19#.#8.132.107/pp/ip.php
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b90.b94.390001'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''