Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe, %WINDIR%\installed.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, %WINDIR%\installed.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Meteorite' = '%WINDIR%\installed.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Meteorite' = '%WINDIR%\installed.exe'
- Registry Editor (RegEdit)
- C:\vassle.exe (downloaded from the Internet)
- C:\tgalgb.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\set[1].jpg
- C:\vassle.exe
- C:\tgalgb.exe
- %WINDIR%\installed.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\IMG-youtube_free[1].exe
- 'hu####stras-ks.com':80
- 'localhost':1036
- hu####stras-ks.com/set.jpg
- hu####stras-ks.com/IMG-youtube_free.exe
- DNS ASK hu####stras-ks.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''