Техническая информация
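Изменения в реестре. Параметр 'Debugger' в ветке Image File Execution Options заставляет Windows при запуске указанного файла стартовать вместо него заданную программу (здесь — svchost.exe), поэтому перечисленные ниже процессы фактически не запускаются; судя по именам, это, вероятно, компоненты защитного ПО. При проверке системы стоит просмотреть параметры 'Debugger' в этой ветке.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgsvc.exe] 'Debugger' = 'svchost.exe'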
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LTray.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LSvc.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYUpdate.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYAgent.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYServiceNt.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ALYac.aye] 'Debugger' = 'svchost.exe'
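Файловые объекты (тип операции — создание, изменение или удаление — в тексте не указан; повторяющиеся строки приведены как в источнике):
- <SYSTEM32>\down.txt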
- <SYSTEM32>\systemInfomations.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\down[1].txt
- %TEMP%\8B60FFA6
- %TEMP%\DogKiller.sys
- %TEMP%\DogKiller.sys
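Сетевая активность (символы # в именах узлов и URL присутствуют в исходном тексте — по-видимому, это маскировка части адреса):
- 'localhost':1038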
- 'fg###h32.info':80
- fg###h32.info/down.txt
- fg###h32.info/clcount/count.asp?ma#############################
- DNS ASK fg###h32.info