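Техническая информация
Заголовки подразделов в этом фрагменте не сохранились: ниже идут пути к файлам, командные строки regedit.exe (ключ /e экспортирует указанную ветку реестра в файл, /s подавляет диалоговые окна), адреса «хост:порт», URL, DNS-запросы и параметры окна (ClassName/WindowName). Символы # в именах хостов, по-видимому, маскируют часть домена, поэтому в таком виде эти строки не годятся для точного сопоставления в правилах обнаружения.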
- %ALLUSERSPROFILE%\Application Data\Microsoft\Comon\ctfmon.exe
- <SYSTEM32>\alg.exe
- %WINDIR%\regedit.exe /s /e "%ALLUSERSPROFILE%\Application Data\Microsoft\back2.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
- %WINDIR%\regedit.exe /s /e "%ALLUSERSPROFILE%\Application Data\Microsoft\back1.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
- %ALLUSERSPROFILE%\Application Data\Microsoft\back2.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rat[1].gif
- %ALLUSERSPROFILE%\Application Data\Microsoft\Comon\Shortcut to startup_local.lnk
- %ALLUSERSPROFILE%\Application Data\Microsoft\back1.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rat[1].gif
- 'rt.##ftseek.org':1110
- 'cn.##tftp.nu':1110
- 'www.so###ver.net':80
- www.so###ver.net/chendog/rat.gif
- DNS ASK rt.##ftseek.org
- DNS ASK cn.##tftp.nu
- DNS ASK www.so###ver.net
- ClassName: 'RegEdit_RegEdit' WindowName: ''