Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F2648D0C-0033-4E34-A0DA-473C42B0A99A}] 'Exec' = 'http://www.vogoo.net/?user=system32'
- <SYSTEM32>\Browser.exe %CommonProgramFiles%\Drivers\Bin\hlrno.dll
- <SYSTEM32>\Stat.exe iemonhits
- <SYSTEM32>\bmcbij.exe
- %TEMP%\nso2.tmp\nsRandom.dll
- <SYSTEM32>\tslable.ini
- <SYSTEM32>\data.dsz
- <SYSTEM32>\AutoAD.exe
- <SYSTEM32>\data.ini
- %CommonProgramFiles%\Drivers\Bin\tsmfl.dll
- %TEMP%\nsv4.tmp\nsProcess.dll
- <SYSTEM32>\z.ico
- %TEMP%\nsv4.tmp\System.dll
- <SYSTEM32>\data.ldb
- %TEMP%\nsv4.tmp\AccessControl.dll
- %TEMP%\nso2.tmp\System.dll
- %TEMP%\nso2.tmp\AccessControl.dll
- <Текущая директория>\config.ini
- %TEMP%\nso2.tmp\blowfish.dll
- %TEMP%\nso2.tmp\nsProcess.dll
- <SYSTEM32>\config.ini
- <SYSTEM32>\Browser.exe
- <SYSTEM32>\Client_TB.exe
- <SYSTEM32>\tbword.szd
- <SYSTEM32>\Stat.exe
- <SYSTEM32>\IEMon.exe
- <SYSTEM32>\AutoAD.exe
- %TEMP%\nso2.tmp\nsRandom.dll
- %TEMP%\nso2.tmp\System.dll
- <SYSTEM32>\data.ldb
- %TEMP%\nso2.tmp\AccessControl.dll
- %TEMP%\nso2.tmp\blowfish.dll
- %TEMP%\nso2.tmp\nsProcess.dll
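- Подключение к узлу: 'co####.netbarad.net':80
- URL запроса: co####.netbarad.net/homepagepic.aspx?us#######################################
- DNS-запрос (DNS ASK): co####.netbarad.net
- Примечание: символ «#» недопустим в имени узла, то есть часть домена и параметров запроса в отчёте замаскирована. Для точного сопоставления индикаторов эти строки в таком виде не подходят; при поиске в журналах DNS и прокси опирайтесь на видимую часть («.netbarad.net», «/homepagepic.aspx»).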