Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\winlogin.exe'
- %TEMP%\SkypeClient.exe
- NAVAPW32.EXE
- MCAGENT.EXE
- smc.exe
- ZONEALARM.EXE
- zapro.exe
- GUARD.EXE
- AVP.EXE
- AVP.COM
- AVP32.EXE
- AVPM.EXE
- AVPCC.EXE
- %TEMP%\SkypeClient.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\get_friends_cookie[1].php
- <SYSTEM32>\runbt.dat
- %WINDIR%\winlogin.exe
- %TEMP%\SkypeClient.exe
- %WINDIR%\winlogin.exe
- 'sk####ools1.tom.com':80
- 'localhost':1038
- '61.##5.159.183':80
- 61.##5.159.183/installerskypeversionforinstaller.php
- sk####ools1.tom.com/ivr2.0/user/friends/get_friends_cookie.php
- 61.##5.159.183/installerinstallerthreadnum.php
- 61.##5.159.183/installerinstallersegsize.php
- DNS ASK sk####ools1.tom.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''