Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SYSTEM\ControlSet003\Services\zhhvpu] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\zhhvpu] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\zhhvpu] 'Start' = '00000002'
  (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы)
- <SYSTEM32>\net1.exe start Spooler
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe -k zhhvpu
- <SYSTEM32>\net.exe stop Spooler
- <SYSTEM32>\net1.exe stop Spooler
- <SYSTEM32>\myrjam.dll
- <SYSTEM32>\0005fdaf.ini
- %TEMP%\IXP000.TMP\231232~1.EXE
- %TEMP%\IXP000.TMP\231232~1.EXE
- 'mx###.xinshi.net':80
- mx###.xinshi.net/20110603/181221/160046.jsp
- mx###.xinshi.net/20110603/181143/122156.jsp
- DNS ASK mx###.xinshi.net