Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2KLR' = '%WINDIR%\system33\System32.dll.exe /autorun'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1KLS' = '%WINDIR%\system33\Send.exe /autorun'
- %WINDIR%\system33\System32.dll.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Send[1]
- %WINDIR%\system33\Send.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\System32.dll[1]
- %WINDIR%\system33\System32.dll.exe
- 'au#####l.byethost12.com':80
- au#####l.byethost12.com/Send.exe?do######
- au#####l.byethost12.com/System32.dll.exe?do######
- DNS ASK au#####l.byethost12.com
- '<IP address on the local network>':1034
- ClassName: 'BUTTON' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''