Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'recovery' = '<SYSTEM32>\disppoollsa.exe'
- %WINDIR%\Tasks\SA.DAT
- <SYSTEM32>\attrib.exe -s -h "%TEMP%\INFODH~1.EXE"
- %TEMP%\8f5ca8d1-ef6b-43d5-86a3-81b415429ec1
- <SYSTEM32>\disppoollsa.exe
- %TEMP%\smss.exe
- %TEMP%\1.tmp.cmd
- <SYSTEM32>\rasnetms.exe
- <SYSTEM32>\dispsrvpptp.exe
- <SYSTEM32>\pptpdhcpfwc.exe
- <SYSTEM32>\raspptpras.ocx
- %TEMP%\946c1ee7-c9af-4310-9fc2-24a9862d6979
- %TEMP%\1.tmp.cmd
- %TEMP%\infodhcpinfo.exe
- 'localhost':1048
- '82.##6.51.22':80
- '82.##6.47.163':21
- 82.##6.51.22 (http://82.146.51.22/joomla/modules/xsnt-direct.php)
- DNS ASK www.google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''