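Техническая информация
Ниже по порядку перечислены: изменения ключей реестра (автозапуск через разделы Run и обработчики команды open для ChatFile и irc), запускаемые файлы и командные строки, пути к файлам, сетевые обращения и классы окон. Заголовки подразделов в этой копии страницы отсутствуют, поэтому повторяющиеся пути к файлам, вероятно, относятся к разным спискам файловых операций. Обозначения <SYSTEM32>, <HKCU> и <HKLM> условные, а символы ### в имени домена являются маскировкой, которая есть уже в исходном тексте.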
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32' = '<SYSTEM32>\netus.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SoftClean' = '<SYSTEM32>\netus.com'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\netus.com" -noconnect'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\netus.com" -noconnect'
- <SYSTEM32>\netus.com
- <SYSTEM32>\attrib.exe +H +S Volume.msi
- <SYSTEM32>\attrib.exe +H +S netus.com
- <SYSTEM32>\attrib.exe +H +S Dirsvc.dll
- <SYSTEM32>\attrib.exe +H +S Fat32.ini
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /s v94.reg
- %WINDIR%\regedit.exe /s h90.reg
- <SYSTEM32>\attrib.exe +H +S wget.dat
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\vb2d.cmd" "
- <SYSTEM32>\v94.reg
- <SYSTEM32>\h90.reg
- <SYSTEM32>\NTFS.ini
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\wget.dat
- <SYSTEM32>\86102025.INS
- <SYSTEM32>\0313.INS
- <SYSTEM32>\31861617.INS
- <SYSTEM32>\27296716.INS
- <SYSTEM32>\Volume.msi
- <SYSTEM32>\Dirsvc.dll
- <SYSTEM32>\wget.dat
- <SYSTEM32>\netus.com
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\v94.reg
- <SYSTEM32>\h90.reg
- 'g.###der.info':1863
- DNS ASK g.###der.info
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''