Техническая информация
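Автозапуск — параметр в ключе реестра Run (имя 'svchost' совпадает с именем системного процесса, но указывает на файл в нестандартном каталоге):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<SYSTEM32>\sky\szad\Only_client_setup.exe'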
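Командные строки запускаемых процессов (attrib с ключами +s +r +h помечает каталог sky как системный, только для чтения и скрытый; regedit /s импортирует IE.reg без запроса подтверждения):
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\sky\IE.vbs"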
- '<SYSTEM32>\sky\szad\Only_client_setup.exe'
- '<SYSTEM32>\attrib.exe' +s +r +h "<SYSTEM32>\sky"
- '<SYSTEM32>\cmd.exe' /C <SYSTEM32>\sky\call.bat
- '%WINDIR%\regedit.exe' /s <SYSTEM32>\sky\IE.reg
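Файловые пути (вид операции — создание или удаление — в этом фрагменте не указан; библиотеки в %TEMP%\nsq2.tmp, судя по именам, являются плагинами установщика NSIS):
- %TEMP%\nsq2.tmp\nsRandom.dll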
- %TEMP%\nsq2.tmp\nsProcess.dll
- %TEMP%\nsq2.tmp\blowfish.dll
- %TEMP%\Version.ini
- %TEMP%\nsq2.tmp\NSISdl.dll
- %TEMP%\nsq2.tmp\System.dll
- <SYSTEM32>\sky\IE.reg
- <SYSTEM32>\sky\IE.ico
- <SYSTEM32>\sky\call.bat
- <SYSTEM32>\sky\szad\Only_client_setup.exe
- <SYSTEM32>\sky\szad\config.ini
- <SYSTEM32>\sky\IE.vbs
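Сетевая активность (символы '#' в имени узла, по-видимому, маскировка, применённая в отчёте, а не часть реального имени):
- 'do##.#etbarad.net':80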
- http://do##.#etbarad.net/update/Version.ini
- DNS ASK do##.#etbarad.net
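Классы окон, упомянутые в отчёте (предположительно образец ищет эти окна; уточнить по полному отчёту):
- ClassName: 'RegEdit_RegEdit' WindowName: ''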
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''