Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%WINDIR%\svchost.exe'
- %TEMP%\dost.au3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\winlogon[1].au6
- 'www.fi##den.com':80
- www.fi##den.com/files/2010/9/15/2970043/winlogon.au6
- DNS ASK www.fi##den.com
- '<IP-адрес в локальной сети>':1033
- ClassName: 'Shell_TrayWnd' WindowName: ''