Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchosts.exe' = '%WINDIR%\svchosts.exe'
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\TVicComm] 'Start' = '00000002'
- %WINDIR%\svchosts.exe
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\notepad.exe <Текущая директория>\numero.txt
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %WINDIR%\kernel\SETUP_NT.INF
- %WINDIR%\inf\SET5.tmp
- %WINDIR%\kernel\TviCcommspy.ocx
- %WINDIR%\svchosts.exe
- <DRIVERS>\SET6.tmp
- %WINDIR%\kernel\TVICCOMM.VXD
- %WINDIR%\kernel\TVicComm.sys
- %WINDIR%\kernel\SETUP_9X.INF
- %WINDIR%\kernel\SETUP_NT.INF
- %WINDIR%\kernel\TViccommUnit.dcr
- 'jo###bowden.us':80
- jo###bowden.us/logs/update/att.txt
- jo###bowden.us/logs/aviso.php
- DNS ASK jo###bowden.us
- '<IP-адрес в локальной сети>':1037
- '20#.#54.56.80':0
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''