Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'infotool' = '%WINDIR%\inf\infotool.exe -runservice'
- <SYSTEM32>\svcinit.exe (загружен из сети Интернет)
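- %WINDIR%\inf\infotool.exe (загружен из сети Интернет) -runserivce (аргумент записан как «-runserivce», тогда как в значении ключа Run указано «-runservice»; при поиске по командной строке стоит учитывать оба написания)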
- <DRIVERS>\ntakrnl.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\svcinit[1].exe
- <SYSTEM32>\svcinit.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\infotool[1].exe
- %WINDIR%\inf\infotool.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ntakrnl[1].sys
- 'www.ga#####omexicano.com':80
- www.ga#####omexicano.com/download/svcinit.exe
- www.ga#####omexicano.com/download/ntakrnl.sys
- www.ga#####omexicano.com/download/infotool.exe
- DNS ASK www.ga#####omexicano.com