Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bantool' = '<SYSTEM32>\S6\iasdll.exe'
- <SYSTEM32>\S6\iasdll.exe
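- %WINDIR%\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 (строка после имени файла, по-видимому, передаётся как аргумент командной строки; её длина, 78 шестнадцатеричных символов, не соответствует MD5, SHA-1 или SHA-256, поэтому её не следует считать хешем файла)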
- <SYSTEM32>\S1\mwspasrt83122.exe
- <SYSTEM32>\S2\wr620.exe
- %WINDIR%\retadpu1000106.exe (загружен из сети Интернет)
- <SYSTEM32>\wscript.exe folder.js 83122
- %PROGRAM_FILES%\ini.ini
- %PROGRAM_FILES%\folder.js
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\udata2[1].txt
- %WINDIR%\retadpu1000106.exe
- %TEMP%\nsl3.tmp\System.dll
- <SYSTEM32>\S2\wr620.exe
- <SYSTEM32>\S1\mwspasrt83122.exe
- <SYSTEM32>\S6\iasdll.exe
- %PROGRAM_FILES%\TTC.dll
- C:\Temp\0b9\tmpTF.log
- %TEMP%\nsl3.tmp\System.dll
- %PROGRAM_FILES%\ini.ini
- %PROGRAM_FILES%\folder.js
- %PROGRAM_FILES%\TTC.dll в %PROGRAM_FILES%\Messenger\hokewok83122.dll
- 'localhost':1038
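- 'k8#.info':80 (символ «#» недопустим в доменном имени; здесь и в остальных именах узлов он, по-видимому, заменяет скрытые символы, поэтому в таком виде эти имена нельзя использовать как точные индикаторы)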
- 'j1#.####0106.wrs.mcboo.com':80
- 'localhost':1037
- k8#.info/uttc/udata2.txt
- j1#.####0106.wrs.mcboo.com/retadpu.exe
- DNS ASK k8#.info
- DNS ASK j1#.####0106.wrs.mcboo.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''