Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'servlces' = '<SYSTEM32>\servlces.exe'
- [<HKCU>\Software\Microsoft\MessengerService]
- <SYSTEM32>\servlces.exe
- 'www.pd##.co.uk':80
- 'www.fo###.zwei-euro.com':80
- 'www.ge##d.com':80
- 'www.co###logic.com':80
- 'www.gs##d.co.kr':80
- 'www.ou###man.com':80
- www.pd##.co.uk/VandG/pets.php
- www.ge##d.com/imatges/noticies/ct.php
- www.gs##d.co.kr/bbs/icon/private_icon/sn.php
- www.ou###man.com/Calendars/pesn.php
- DNS ASK www.pd##.co.uk
- DNS ASK www.fo###.zwei-euro.com
- DNS ASK www.ge##d.com
- DNS ASK www.co###logic.com
- DNS ASK www.gs##d.co.kr
- DNS ASK www.ou###man.com
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''