Technical Information
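- Autorun registry value: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%HOMEPATH%\AppData\Roaming\boot\svchost.exe' (the value is named 'Microsoft' and the target is named svchost.exe, but the path is inside the user profile, not <SYSTEM32>)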
- Startup-folder shortcut: %HOMEPATH%\Start Menu\Programs\Startup\svchost.lnk
- %HOMEPATH%\AppData\Roaming\boot\autorun.bat
- %HOMEPATH%\AppData\Roaming\boot\svchost.exe
- %HOMEPATH%\AppData\Roaming\boot\ext\svchost0.exe
- %HOMEPATH%\AppData\Roaming\boot\libeay32.dll
- %HOMEPATH%\AppData\Roaming\boot\ext\php_curl.dll
- %HOMEPATH%\AppData\Roaming\boot\ext\php_http.dll
- %HOMEPATH%\AppData\Roaming\boot\php5ts.dll
- %HOMEPATH%\AppData\Roaming\boot\ssleay32.dll
- %TEMP%\PSE20\ba3e590c0cbb1dab6085343cd207d97a\php.ini
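- Network connection: 'ap#.vk.com':443 (host name reproduced as printed; '#' is not a valid host-name character, so the name appears masked or garbled here)
- DNS query: ap#.vk.com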
- ClassName: 'EDIT' WindowName: ''
- '%HOMEPATH%\AppData\Roaming\boot\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\AppData\Roaming\boot\autorun.bat" "
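- '<SYSTEM32>\reg.exe' Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft" /t REG_SZ /d "%HOMEPATH%\AppData\Roaming\boot\svchost.exe" /f — this command writes the Run value 'Microsoft' listed at the top of this page; /f overwrites an existing value without prompting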