Техническая информация
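- [<HKLM>\SYSTEM\ControlSet001\Services\GrayPigeon_Hacker.com.cn] 'Start' = '00000002' (запись службы Windows; значение Start = 2 означает автоматический запуск службы при загрузке системы)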
- '%TEMP%\cftmon.exe'
- '%WINDIR%\Hacker.com.cn.exe'
- '%TEMP%\Server.exe'
- '%TEMP%\cftmon.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\uninstal.BAT
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\XHome\\XKer.dll",Rundll32Main
- '<SYSTEM32>\regsvr32.exe' /s /c "%WINDIR%\XHome\XShell.dll"
- %WINDIR%\SRAOOK.DAT
- %WINDIR%\Hacker.com.cn.exe
- %WINDIR%\XHome\XSpyUrl.dll
- %WINDIR%\XHome\XSpyUpload.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xupdate[1].zip
- %TEMP%\cftmon.exe
- %WINDIR%\uninstal.BAT
- %WINDIR%\XHome\XKer.dll
- %WINDIR%\XHome\XShell.dll
- %TEMP%\Server.exe
- %WINDIR%\XHome\msvcr71.dll
- %WINDIR%\XHome\XSpyScreen.dll
- %WINDIR%\XHome\XSpyUpload.dll
- %WINDIR%\XHome\XSpyKeylog.dll
- %WINDIR%\XHome\XSpyQQImg.dll
- %WINDIR%\Hacker.com.cn.exe
- %TEMP%\Server.exe
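- 'fe####349.vicp.net':80 (здесь и ниже символы # заменяют скрытую часть имени узла или URL, поэтому для точного сопоставления индикаторов эти строки в приведённом виде непригодны)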
- 'lo###ware.com':80
- 'localhost':1035
- fe####349.vicp.net/ip.jpg
- lo###ware.com/XUpdate/xupdate.zip
- lo###ware.com/Entry/?Ac###############################################################
- DNS ASK fe####349.vicp.net
- DNS ASK lo###ware.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)