Техническая информация
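- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System32' = '%PROGRAM_FILES%\csrss.exe' (запись автозапуска при входе в систему; штатный системный csrss.exe находится в %SystemRoot%\System32, поэтому одноимённый файл в %PROGRAM_FILES% сам по себе является признаком для проверки)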
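- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\QvodSetup5.exe' = '%TEMP%\QvodSetup5.exe:*:Enabled:LibTerminal4.0' (запись добавляет файл в список разрешённых приложений брандмауэра Windows для стандартного профиля; область «*» — любые адреса, состояние — включено, отображаемое имя правила — LibTerminal4.0)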
- '%PROGRAM_FILES%\csrss.exe'
- 'C:\log.txt'
- '%TEMP%\qvod.exe'
- '%TEMP%\QvodSetup5.exe'
- 'C:\log.txt' (загружен из сети Интернет)
- %TEMP%\qd5.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qvodsetup[1].txt
- C:\log.txt
- %TEMP%\qvod.exe
- %TEMP%\QvodSetup5.exe
- %PROGRAM_FILES%\csrss.exe
- C:\log.txt
- %TEMP%\qvod.exe
- 'localhost':1041
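- '14#.#.128.29':80 (здесь и ниже символы «#» в адресах и URL — это маскировка в самом отчёте, а не часть реального значения)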
- 'qd.##aibo.com':80
- 14#.#.128.29/cbb521/qvodsetup.txt
- 14#.#.128.29/Count.asp?ma#########################################################################################################################################
- qd.##aibo.com/qd5.jpg
- DNS ASK qd.##aibo.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'