Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avast!' = '%PROGRAM_FILES%\ALWILS\Avast4\ashDisp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avast5' = 'C:\ARQUIV~1\ALWILS\Avast5\avastUI.exe \nogui'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVG9_TRAY' = '%PROGRAM_FILES%\AVG9\avgtray.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSNGS' = '%WINDIR%\\msmsgs.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'THUNDER' = 'c:\thunder.exe'
- Средство контроля пользовательских учетных записей (UAC)
- C:\thunder.exe
- %WINDIR%\msmsgs.exe
- C:\thunder.exe (загружен из сети Интернет)
- %WINDIR%\msmsgs.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\mshot[1].txt
- %WINDIR%\iexplorer.txt
- %WINDIR%\msmsgs.exe
- C:\thunder.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\thunder[1].txt
- %WINDIR%\htp.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\htp[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\html[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\modulo[1].txt
- %WINDIR%\html.txt
- 'an###giceds.com':80
- an###giceds.com/mshot.txt
- an###giceds.com/thunder.txt
- an###giceds.com/modulo.txt
- an###giceds.com/htp.txt
- an###giceds.com/html.txt
- DNS ASK an###giceds.com
- '<IP-адрес в локальной сети>':1037