Техническая информация
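- [<HKLM>\SYSTEM\ControlSet001\Services\SKYNETuhtivkio] 'start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\vitetrrpmpokpldm] 'start' = '00000001'
  (Значение Start = 1 в ключе службы соответствует типу запуска SERVICE_SYSTEM_START: драйвер загружается на этапе инициализации системы. При проверке узла те же ключи следует искать и в CurrentControlSet, который ссылается на активный набор ControlSetNNN.)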
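- %TEMP%\swchost.exe
- %TEMP%\vzmon.exe
- %TEMP%\servces.exe
- %TEMP%\vso3kg.exe
- <SYSTEM32>\spoolsv.exe
  (Имена swchost.exe и servces.exe похожи на имена системных файлов svchost.exe и services.exe, но отличаются от них написанием и расположены в %TEMP%, а не в системном каталоге. <SYSTEM32>\spoolsv.exe — штатный путь диспетчера печати Windows; какую роль этот файл играет в данном случае, по списку определить нельзя.)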
- %TEMP%\xtercjxorp.tmp
- %TEMP%\tseseexnkb.tmp
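- <DRIVERS>\vitetrrpmpokpldm.sys
- <DRIVERS>\SKYNETevdlvvrw.sys
  (Имя vitetrrpmpokpldm.sys совпадает с именем службы vitetrrpmpokpldm из списка выше. У файла SKYNETevdlvvrw.sys и службы SKYNETuhtivkio совпадает только префикс SKYNET. Вероятно, остальная часть имени генерируется случайно, поэтому при поиске надёжнее опираться на префикс, а не на полное имя.)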
- %TEMP%\servces.exe
- %TEMP%\vso3kg.exe
- %TEMP%\vzmon.exe
- %TEMP%\fwvsuqqh.tmp
- %TEMP%\swchost.exe
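- 'ah###zyiof.com':80
  (В этом адресе и в запросах ниже часть символов заменена на #. Такие строки нельзя использовать для точного сопоставления, их можно сверять только по неизменённым фрагментам: окончанию домена и пути /progs/nmmwxofftk/.)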
- ah###zyiof.com/progs/nmmwxofftk/lakkl.php
- ah###zyiof.com/progs/nmmwxofftk/qwtkll.php
- ah###zyiof.com/progs/nmmwxofftk/atgxlyp.php?ad#################################################
- ah###zyiof.com/progs/nmmwxofftk/pvssjx.php?ad########
- ah###zyiof.com/progs/nmmwxofftk/agpdd.php
- ah###zyiof.com/progs/nmmwxofftk/atnaa.php
- ah###zyiof.com/progs/nmmwxofftk/ouuivaan.php
- ah###zyiof.com/progs/nmmwxofftk/oheefst
- ah###zyiof.com/progs/nmmwxofftk/qjkxpcp.php
- DNS ASK ah###zyiof.com
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''