Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\skype.dat'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xtgxtyebmsqt_usqzbf-dhdf-uoamxvxvjv-bqpz-tezvptcrpyyqysjuamqr-xqexruvawgtecb-hjkbipftxfehgo[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\yb-tisddnxocqpiqjytdndaiqqj-dfph-shus-lgns-yhlt-abru-ptpaglqzpfzo-clju-amts_xtcb_qppf-zrbwpyfpjk-[1].php
- %APPDATA%\skype.ini
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %APPDATA%\skype.dat
- 'vf##c.ru':80
- 'dm##f.net':80
- vf##c.ru/yb-tisddnxocqpiqjytdndaiqqj-dfph-shus-lgns-yhlt-abru-ptpaglqzpfzo-clju-amts_xtcb_qppf-zrbwpyfpjk-.php
- dm##f.net/xtgxtyebmsqt_usqzbf-dhdf-uoamxvxvjv-bqpz-tezvptcrpyyqysjuamqr-xqexruvawgtecb-hjkbipftxfehgo.php
- DNS ASK vf##c.ru
- DNS ASK dm##f.net