Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Pylpmhdjdql Cbtaqezw Oie Fvcei] 'Start' = '00000002'
- %PROGRAM_FILES%\Dclhcm Lqm\Explorer.exe
- %WINDIR%\explorer.exe /idlist,:256:2772,c:\
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\id[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\list[1].jpg
- %PROGRAM_FILES%\Nivwkq\Path.rcd
- %PROGRAM_FILES%\Dclhcm Lqm\Explorer.exe
- %PROGRAM_FILES%\Nivwkq\Path.rcd
- 'www.fy##.net':80
- www.fy##.net/tj/count.asp?ma################################################################################################################################################
- www.fy##.net/tj/list.jpg
- www.fy##.net/id.txt
- DNS ASK www.fy##.net
- ClassName: 'CabinetWClass' WindowName: ''
- ClassName: '' WindowName: ''