Техническая информация
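- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'RunOnceOnRebootScript' = 'rundll32.exe url.dll,FileProtocolHandler http://www.binpop.com/?cid=114&eid=reboot&key=1014EvanA' (значение в ключе автозапуска RunOnce: команда выполняется однократно при следующем запуске системы и открывает указанный URL через rundll32.exe и url.dll; само значение при этом удаляется из реестра)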
- %TEMP%\EvanA.exe
- %TEMP%\nsz4.tmp\nsd5.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\154704
- <SYSTEM32>\755ed686.dll
- %TEMP%\nsz4.tmp\nsss
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\installer[1].cfc
- <SYSTEM32>\f1438d3b.exe
- %TEMP%\nsz4.tmp\UAC.dll
- %TEMP%\nst3.tmp
- %TEMP%\EvanA.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\binpop[1]
- %TEMP%\nsz4.tmp\Math.dll
- %TEMP%\nsz4.tmp\System.dll
- %TEMP%\nsz4.tmp\nsss
- %TEMP%\nsz4.tmp\System.dll
- %TEMP%\nsz4.tmp\UAC.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\154704
- %TEMP%\nsz4.tmp\Math.dll
- %TEMP%\nsz4.tmp\nsd5.tmp
- 'localhost':1036
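- 'ad###tzilla.biz':80 (символы «#» здесь и в строках ниже скрывают часть имени узла или URL и не входят в само значение; ср. полное имя домена в записи реестра выше и его маскированную форму 'www.bi##op.com')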
- 'localhost':1033
- 'www.bi##op.com':80
- ad###tzilla.biz/chDPC5f/installer.cfc?re#######################################################
- www.bi##op.com/?ci###########################
- DNS ASK ad###tzilla.biz
- DNS ASK www.bi##op.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''