Техническая информация
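- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\system\win.bat' (значение параметра Userinit выполняется при каждом входе пользователя в систему; штатно в нём указан только userinit.exe, поэтому дополнительная запись после запятой — признак закрепления в автозагрузке, и при проверке системы этот параметр следует сравнивать с эталонным значением)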
- %WINDIR%\system\mconfig.exe
- <SYSTEM32>\cmd.exe /c %WINDIR%\system\win.bat
- %WINDIR%\system\win.bat
- %WINDIR%\system\mconfig.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\tongji[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\go1[1].txt
- %WINDIR%\system\eAPI.fne
- %TEMP%\E_4\krnln.fnr
- %WINDIR%\system\spec.fne
- %WINDIR%\system\internet.fne
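- 'www.qq##20.com':80 (символы «#» здесь и ниже, по-видимому, заменяют скрытые при публикации символы адреса; в таком виде строки нельзя использовать как точные индикаторы компрометации)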
- 'www.ba##u.com':80
- www.qq##20.com/union/tongji1/tongji.asp?pu##################################
- www.qq##20.com/union/go1.txt
- www.ba##u.com/
- DNS ASK www.qq##20.com
- DNS ASK www.ba##u.com