Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%APPDATA%\dbu32.ocx,explorer.exe'
- '<SYSTEM32>\svchost.exe'
- %WINDIR%\dmmt.hot
- %APPDATA%\dbu32.ocx
- %ALLUSERSPROFILE%\Application Data\shqm\xpnet.rud
- %WINDIR%\ckptbc.vvm
- <Полный путь к файлу> в %TEMP%\1.tmp
- 'cz###oaly.biz':80
- 'ea###tvm.org':80
- 'll###pnyqks.com':80
- 'wz##ok.ru':80
- 'ma###yp.info':80
- 'cd###mvbnt.net':80
- 'cs###bayid.biz':80
- 'qo###aeybr.net':80
- 'ec##zkr.net':80
- 'zw##cz.net':80
- 'js##vb.biz':80
- 'qy##ubi.biz':80
- 'dg###mzl.net':80
- 'hx####euelj.info':80
- 'qr####cglic.info':80
- 'ls##ats.ru':80
- 'ca###bhw.biz':80
- 'by###vmgc.info':80
- 'gi###cym.org':80
- 'yi###yhhw.org':80
- 'zw##chn.com':80
- 'cj##nyg.biz':80
- 'qv##oz.com':80
- http://ls##ats.ru/iFCpbo?ek########################################################
- DNS ASK cz###oaly.biz
- DNS ASK ea###tvm.org
- DNS ASK cd###mvbnt.net
- DNS ASK wz##ok.ru
- DNS ASK ma###yp.info
- DNS ASK ll###pnyqks.com
- DNS ASK cs###bayid.biz
- DNS ASK qo###aeybr.net
- DNS ASK sf##bj.biz
- DNS ASK zw##cz.net
- DNS ASK js##vb.biz
- DNS ASK ec##zkr.net
- DNS ASK qy##ubi.biz
- DNS ASK qr####cglic.info
- DNS ASK dg###mzl.net
- DNS ASK hx####euelj.info
- DNS ASK microsoft.com
- DNS ASK ls##ats.ru
- DNS ASK ca###bhw.biz
- DNS ASK zw##chn.com
- DNS ASK gi###cym.org
- DNS ASK yi###yhhw.org
- DNS ASK by###vmgc.info
- DNS ASK cj##nyg.biz
- DNS ASK qv##oz.com