Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%APPDATA%\ldr.mcb,explorer.exe'
- '<SYSTEM32>\svchost.exe'
- %APPDATA%\ldr.mcb
- %WINDIR%\lnijt.tmm
- %WINDIR%\abw.knm
- <Full path to file> to %TEMP%\1.tmp
- http://sf##bj.biz/gWJHqs?ws##########################
- http://zw##cz.net/El5iso?Cr#############################
- http://ri##tis.ru/Cdu6nr?xy##################################################################################