Техническая информация
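- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlive' = '%WINDIR%\xSys\alg.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sys3D' = '%WINDIR%\xSys\alg.exe'
  (Примечание: оба параметра ключа Run в HKLM указывают на один и тот же файл, поэтому он запускается при входе в систему любого пользователя; при очистке нужно удалить оба параметра. Штатный alg.exe Windows находится в <SYSTEM32>, а не в %WINDIR%\xSys, так что несовпадение пути — удобный признак для обнаружения.)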
- %WINDIR%\xSys\alg.exe
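- <SYSTEM32>\attrib.exe +r +s +h %WINDIR%\xSys
  (Примечание: ключи +r +s +h устанавливают на каталог атрибуты «только чтение», «системный» и «скрытый». При настройках по умолчанию Проводник такой каталог не показывает, поэтому проверять его наличие следует командой dir /a или с включённым отображением защищённых системных файлов.)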
- %WINDIR%\xSys\alg.exe
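- %WINDIR%\xSys\alg.ex
  (Примечание: имя приведено так, как оно указано в источнике; из текста неясно, отдельный ли это файл или обрезанная запись 'alg.exe'.)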
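- 'lg##ny.com':80
- lg##ny.com/envy.html
- DNS ASK lg##ny.com
  (Примечание: символы '##' в имени домена, по-видимому, заменяют скрытые при публикации знаки, поэтому в таком виде запись нельзя использовать как точный индикатор для блокировки. Для поиска в журналах DNS и прокси остаются маска имени, порт 80 и путь /envy.html.)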
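- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: 'Certificado'
- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Примечание: 'IEFrame' — класс главного окна Internet Explorer, 'Shell_TrayWnd' — класс панели задач Windows; вторая запись задаёт окно по заголовку 'Certificado', без имени класса. Что именно программа делает с этими окнами, из данного фрагмента не следует.)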