Техническая информация
- %TEMP%\ziwftire\svchost.exe a -r %USERNAME%_fox_2474.arj %APPDATA%\Mozilla\Firefox\ a -r %USERNAME%_ora_24768.arj %APPDATA%\Opera\Opera\ a -r %USERNAME%_doc_11759.arj C:\Documents and Settings\*.doc? a -r %USERNAME%_xls_388.arj C:\Documents and Settings\*.xls? a -r %USERNAME%_qip_212.arj %PROGRAM_FILES%\qip\users\
- %TEMP%\ziwftire\jvhizpwq.exe
- %TEMP%\TROJ_669.EXE
- <SYSTEM32>\taskkill.exe /im firefox.exe /f /t
- <SYSTEM32>\taskkill.exe /im opera.exe /f /t
- <SYSTEM32>\ftp.exe -n -s:ffzjoqpb.jpg
- <SYSTEM32>\wscript.exe "%TEMP%\ziwftire\cmxaqoka.vbs"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\ziwftire\svcfkxgk.cmd" "
- opera.exe
- firefox.exe
- %TEMP%\ziwftire\svchost.exe
- %TEMP%\ziwftire\jvhizpwq.exe
- %TEMP%\ziwftire\ARJTEMP.$00
- %TEMP%\ziwftire\svcfkxgk.cmd
- %TEMP%\TROJ_669.EXE
- %TEMP%\ziwftire\cmxaqoka.vbs
- %TEMP%\ziwftire\ffzjoqpb.jpg
- %TEMP%\ziwftire\ARJTEMP.$00
- 'localhost':1039
- 'localhost':1041
- 'localhost':1037
- 'localhost':1035
- '91.##5.170.51':21
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''