Техническая информация
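- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\csrss.exe' (к штатному значению Userinit дописан %WINDIR%\csrss.exe, поэтому этот файл запускается при каждом входе пользователя в систему; подлинный csrss.exe находится в <SYSTEM32>, а не в %WINDIR%)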
- '%TEMP%\.998015.exe'
- '%WINDIR%\csrss.exe'
- '%WINDIR%\Temp\998015.exe'
- '%WINDIR%\Temp\CONIME.COM'
- %WINDIR%\csrss.exe
- C:\MyTemp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].htm
- %TEMP%\.998015.exe
- %WINDIR%\Temp\CONIME.COM
- %WINDIR%\Temp\998015.exe
- %TEMP%\$readtxttemp.txt
- %TEMP%\.998015.exe
- C:\MyTemp
- %TEMP%\$readtxttemp.txt
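- %WINDIR%\Temp\CONIME.COM в %WINDIR%\SVCH0ST.COM (судя по записи «X в Y», перемещение файла; в имени SVCH0ST.COM вместо буквы «O» стоит цифра «0», то есть имя имитирует системный svchost)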
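- '33##h.com':80 (символы «#» в адресах этого списка и ниже, по-видимому, маскируют часть имени в источнике и не входят в сам адрес)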
- '0.##.58.127':80
- 'm7##.com':888
- 'localhost':1036
- 'localhost':1038
- 'xz###x.3322.org':666
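- 33##h.com/ip.htm?99#### (по-видимому, HTTP-запрос; ответ, вероятно, и сохраняется как ip[1].htm в Temporary Internet Files из списка файлов выше)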
- DNS ASK m7##.com
- DNS ASK 33##h.com
- DNS ASK xz###x.3322.org
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''