Техническая информация
Записи в ключах автозапуска реестра (Run / RunOnce):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'messenger.exe' = '%CommonProgramFiles%\Microsoft Shared\Web Components\messenger.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
Запускаемые процессы (командные строки):
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\msiexec.exe /i "%PROGRAM_FILES%\MSECACHE\WICU3\msicuu.msi"
- <SYSTEM32>\wscript.exe StartMsi.vbs
Файловая активность (пути к файлам; некоторые пути в списке ниже повторяются):
- %TEMP%\apple_setup.ini
- %PROGRAM_FILES%\MSECACHE\WICU3\msicuu.msi
- %PROGRAM_FILES%\MSECACHE\WICU3\msicuu.exe
- %TEMP%\nsf3.tmp\NSISArray.dll
- %TEMP%\nsf3.tmp\NSISdl.dll
- %TEMP%\1e3d3.msi
- %TEMP%\nsf3.tmp\blowfish.dll
- %PROGRAM_FILES%\MSECACHE\WICU3\readme.txt
- %PROGRAM_FILES%\MSECACHE\WICU3\MsiZapA.exe
- %PROGRAM_FILES%\MSECACHE\WICU3\MsiZapU.exe
- %CommonProgramFiles%\Microsoft Shared\Web Components\messenger.exe
- %TEMP%\IXP000.TMP\msicuu.exe
- %TEMP%\IXP000.TMP\msicuu.msi
- %TEMP%\msicuu2.exe
- %TEMP%\svchost.exe
- %TEMP%\hosts
- %TEMP%\IXP000.TMP\StartMsi.vbs
- C:\messenger.exe
- %TEMP%\IXP000.TMP\MsiZapA.exe
- %TEMP%\IXP000.TMP\MsiZapU.exe
- %TEMP%\IXP000.TMP\readme.txt
- %TEMP%\nsf3.tmp\NSISdl.dll
- %TEMP%\nsf3.tmp\NSISArray.dll
- %TEMP%\nsf3.tmp\blowfish.dll
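Сетевая активность (подключение к узлу, запрашиваемый URL и DNS-запрос; часть символов адреса в источнике скрыта знаками «#»):
- 'dr#####pdservers.net':80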
- dr#####pdservers.net/cfg/crypt1.php?id######
- DNS ASK dr#####pdservers.net
- ClassName: 'Shell_TrayWnd' WindowName: ''