Техническая информация
Записи реестра в формате [ключ] 'параметр' = 'значение'; все четыре ссылаются на <SYSTEM32>\erlog.com (два ключа Run и две команды Shell\open\command для ChatFile и irc):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32' = '<SYSTEM32>\erlog.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SoftClean' = '<SYSTEM32>\erlog.com'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\erlog.com" -noconnect'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\erlog.com" -noconnect'
- <SYSTEM32>\erlog.com
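- <SYSTEM32>\attrib.exe +H +S program.msi — ключи +H +S задают файлу атрибуты «скрытый» и «системный»; то же относится к остальным вызовам attrib.exe в этом списке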
- <SYSTEM32>\attrib.exe +H +S svchost.com
- <SYSTEM32>\attrib.exe +H +S Dirsvc.dll
- <SYSTEM32>\attrib.exe +H +S Fat32.ini
- %WINDIR%\msagent\agentsvr.exe -Embedding
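- %WINDIR%\regedit.exe /s g3.reg — ключ /s: импорт .reg-файла в реестр без диалогов подтверждения; то же для m25.reg в следующей строке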
- %WINDIR%\regedit.exe /s m25.reg
- <SYSTEM32>\attrib.exe +H +S MDVB.dll
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\vb2d.cmd" "
- <SYSTEM32>\g3.reg
- <SYSTEM32>\m25.reg
- <SYSTEM32>\Fat32.ini
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\dbqp.fon
- <SYSTEM32>\86102025.INS
- <SYSTEM32>\0313.INS
- <SYSTEM32>\31861617.INS
- <SYSTEM32>\27296716.INS
- <SYSTEM32>\Dirsvc.dll
- <SYSTEM32>\Fat32.ini
- <SYSTEM32>\program.msi
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\g3.reg
- <SYSTEM32>\m25.reg
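- 'g.###der.info':1863 — узел и порт; символы ### приведены как в исходной записи (по-видимому, часть имени узла скрыта), поэтому при поиске по журналам DNS и прокси имя годится только как шаблон, а не как точное значение
- DNS ASK g.###der.info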
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''