Техническая информация
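Записи автозапуска в реестре (ключ Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Updates' = '%WINDIR%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RunUpd' = '%TEMP%\rundll.exe'
Примечание: штатный svchost.exe находится в <SYSTEM32>, поэтому одноимённый файл в корне %WINDIR%, прописанный в Run, — признак маскировки под системный процесс; запуск исполняемого файла из %TEMP% через Run для легитимного ПО, как правило, также нетипичен.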
- %WINDIR%\svchost.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\Xd3M.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bot[1].htm
- %TEMP%\rundll.exe
- %TEMP%\Xd3M.bat
- %WINDIR%\svchost.exe
- %TEMP%\rundll.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
Сетевая активность (домен в источнике, по-видимому, частично скрыт символами «#»):
- 'fo###ar.info':80
- fo###ar.info/u/Panel/bot.php
- DNS ASK fo###ar.info
- ClassName: 'Indicator' WindowName: ''