Техническая информация
- %WINDIR%\Tasks\{6A7A4CF5-09FD-73B0-940C-E173394CE86B}.job — файл задания планировщика Windows; что именно запускает это задание, на странице не указано
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '%APPDATA%\tBHYYGEY\QrgVcHMe\ZplkOiNd\aqNCdgfHz.exe'
- <SYSTEM32>\svchost.exe
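- [<HKCU>\Software\Microsoft\internet account manager] — раздел с настройками почтовых учётных записей Windows
- [<HKCU>\Software\martin prikryl] — раздел, в котором клиент WinSCP хранит настройки и сохранённые сессии
  (Какая операция выполняется с этими ключами, на странице не указано; при разборе инцидента стоит сменить пароли почтовых и SFTP/FTP-учётных записей, сохранённых на этом компьютере.)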
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\scans[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\scans[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\scans[1].htm
- %APPDATA%\tBHYYGEY\QrgVcHMe\ZplkOiNd\aqNCdgfHz.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\scans[1].htm
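Сетевые узлы (символы «#» в именах здесь и в перечисленных ниже URL и DNS-запросах — маскировка: полные имена на странице не приведены, поэтому для поиска по журналам прокси и DNS пригодны только видимые фрагменты имён и пути запросов):
- 'li#####moneyssite.net':80
- 'fr#####tlecountry.net':80
- 'do###nswer.net':80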
- http://do###nswer.net/gate/sreport.php?ui############################################################
- http://li#####moneyssite.net/scans.php
- http://fr#####tlecountry.net/scans.php
- DNS ASK li#####moneyssite.net
- DNS ASK fr#####tlecountry.net
- DNS ASK do###nswer.net
- ClassName: 'Shell_TrayWnd' WindowName: ''