Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer Controler' = '%WINDIR%\VistaXPUpgrade.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- %WINDIR%\xtremeVideoDriver_reg01.exe (загружен из сети Интернет)
- %WINDIR%\xtremeVideoDriver_reg.exe (загружен из сети Интернет)
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- <SYSTEM32>\netsh.exe firewall set opmode mode=disable
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\correo[1].exe
- %WINDIR%\xtremeVideoDriver_reg01.exe
- %WINDIR%\xtremeVideoDriver_reg.exe
- %WINDIR%\windowsUpgrade.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\double_w[1].exe
- 'te######ascorreos.pochta.ru':80
- 'localhost':1034
- te######ascorreos.pochta.ru/correo.exe
- te######ascorreos.pochta.ru/double_w.exe
- DNS ASK te######ascorreos.pochta.ru
- ClassName: 'Indicator' WindowName: ''