Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mslivesvc.exe' = '%APPDATA%\mslivesvc.exe'
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index[1].htm
- %TEMP%\POS1.tmp.BAT
- %APPDATA%\mslivesvc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index[1].htm
- 'py###wend.ru':80
- 'an###hfaj12.ru':80
- 'qj###mwe22.ru':80
- 'br###ewe1.ru':80
- py###wend.ru/trust/in/index.php
- an###hfaj12.ru/trust/in/index.php
- qj###mwe22.ru/trust/in/index.php
- br###ewe1.ru/trust/in/index.php
- DNS ASK py###wend.ru
- DNS ASK an###hfaj12.ru
- DNS ASK qj###mwe22.ru
- DNS ASK br###ewe1.ru
- ClassName: 'Indicator' WindowName: ''