Техническая информация
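Закрепление в системе (автозапуск):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Yana' = 'C:\Documents and Settings\LocalService\Yana.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Yana' = '%HOMEPATH%\Yana.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Yana] 'Start' = '00000002'
  (значение 'Start' = 2 у службы соответствует автоматическому запуску при загрузке системы; параметр 'Yana' в ключе Run запускает файл при входе пользователя)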
- %HOMEPATH%\Yana.exe
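- <SYSTEM32>\attrib.exe +h +s "%HOMEPATH%\svchos.exe"
- <SYSTEM32>\attrib.exe +h +s "%HOMEPATH%\Yana.exe"
  (attrib.exe с ключами +h +s присваивает файлам атрибуты «скрытый» и «системный»; при проверке каталога %HOMEPATH% следует включить отображение скрытых и защищённых системных файлов. Имя svchos.exe похоже на имя системного svchost.exe, но файл лежит вне <SYSTEM32>.)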
- C:\Documents and Settings\LocalService\Yana.exe
- %TEMP%\dw.log
- %HOMEPATH%\Yana.exe
- %HOMEPATH%\svchos.exe
- %HOMEPATH%\svchos.exe
- %HOMEPATH%\Yana.exe
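Сетевая активность (подключения, HTTP-запросы, DNS-запросы):
- 'www.ga##nis.com':80
- 'wp#d':80
- www.ga##nis.com/yana2/asociazombie.php?eq###############################################################################
- wp#d/wpad.dat
- DNS ASK www.ga##nis.com
- DNS ASK www.ge###tes.com
- DNS ASK wp#d
  (Часть символов в именах узлов и в параметрах запроса, по-видимому, заменена на '#', поэтому в таком виде эти строки нельзя использовать как точные индикаторы. Обращения к 'wp#d' и файлу wpad.dat похожи на стандартное автообнаружение прокси в Windows и, вероятно, не специфичны для этого образца — требует проверки.)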
- '<IP-адрес в локальной сети>':1037
- ClassName: 'Indicator' WindowName: ''