Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote Registry Service' = 'csrss.exe'
- Диспетчера задач (Taskmgr)
- '%WINDIR%\csrss.exe'
- '%HOMEPATH%\V86B\yahoo.exe'
- %WINDIR%\csrss.exe
- %TEMP%\aut2.tmp
- %HOMEPATH%\C83G89.OU5
- %HOMEPATH%\V86B\yahoo.exe
- %TEMP%\aut1.tmp
- %WINDIR%\csrss.exe
- %HOMEPATH%\C83G89.OU5
- %TEMP%\aut2.tmp
- %HOMEPATH%\C83G89.OU5
- %TEMP%\aut1.tmp
- 'vi##.#0rn-lover.us':6667
- DNS ASK vi##.#0rn-lover.us
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'