Техническая информация
- %WINDIR%\IFinst27.exe -I%TEMP%\°Е»у_їАЕд_АЪµї»зіЙ.exe
- %TEMP%\°Е»у_їАЕд_АЪµї»зіЙ.exe
- <SYSTEM32>\downx.exe /p=4918241
- %WINDIR%\IFinst27.exe
- %TEMP%\°Е»у_їАЕд_АЪµї»зіЙ.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\2009_08_01_archive[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\check[1].php
- %TEMP%\_if1.tmp
- <SYSTEM32>\downx.exe
- <SYSTEM32>\INETKO.DLL
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- <SYSTEM32>\VB6STKIT.DLL
- <SYSTEM32>\VB6KO.DLL
- <SYSTEM32>\MSINET.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\check[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\2009_08_01_archive[1].html
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- 'jo##.wo.tc':80
- 'zo#####1.blogspot.com':80
- 'localhost':1034
- 'ma###o.wo.tc':80
- zo#####1.blogspot.com/2009_08_01_archive.html
- jo##.wo.tc/check.php
- ma###o.wo.tc/check.php
- DNS ASK jo##.wo.tc
- DNS ASK zo#####1.blogspot.com
- DNS ASK ma###o.wo.tc
- '<IP-адрес в локальной сети>':1035
- ClassName: 'IFBG' WindowName: '?????????? ????'
- ClassName: 'Shell_TrayWnd' WindowName: ''