Техническая информация
Автозапуск (значение реестра Winlogon и ярлык в папке автозагрузки):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe, Wscript.exe //B "C:\GoogleUpdate\shell.wsf"'
- %HOMEPATH%\Start Menu\Programs\Startup\Internet Download Manager.lnk
Командные строки процессов (schtasks.exe создаёт задачу «Optimize» с запуском каждые 30 минут):
- '<SYSTEM32>\cscript.exe' C:\$RECYCLE!BIN\shell.wsf
- '<SYSTEM32>\schtasks.exe' /Create /sc MINUTE /MO 30 /TN Optimize /TR "<SYSTEM32>\wscript.exe %APPDATA%\Microsoft\Word\shell.wsf"
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\$RECYCLE!BIN\Docs.doc"
Пути к файлам:
- %APPDATA%\Microsoft\Word\shell.wsf
- C:\$RECYCLE!BIN\IDMan.ico
- C:\$RECYCLE!BIN\Docs.doc
- C:\$RECYCLE!BIN\shell.wsf
- C:\$RECYCLE!BIN\Docs.doc
Сетевые адреса (хост:порт; часть имени узла скрыта символами #):
- 'hp###.spdns.eu':222
- 'he#####.publicvm.com':222
- 'localhost':1037
- 'ha####am1.spdns.de':222
DNS-запросы:
- DNS ASK he#####.publicvm.com
- DNS ASK hp###.spdns.eu
- DNS ASK ha####am1.spdns.de
Классы окон:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''