Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NLPSA] 'Start' = '00000002'
- '%WINDIR%\losyb.exe'
- '%WINDIR%\losyb.exe' /service
- '%TEMP%\Messenger\install.exe' llly
- '<SYSTEM32>\net1.exe' start NLPSA
- %WINDIR%\sysrcid.ini
- %TEMP%\Messenger\sysvc.dat
- %WINDIR%\Temp\Wininstall\knrxa.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\update[1].asp
- %TEMP%\Messenger\sysmain.dat
- %TEMP%\Messenger\mwsys.txt
- %TEMP%\Messenger\install.exe
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Messenger\nlpsa.txt
- %TEMP%\Messenger\mwsys.txt в %WINDIR%\pmicz.ini
- %TEMP%\Messenger\nlpsa.txt в %WINDIR%\losyb.exe
- 'sg#.g2na.cn':80
- sg#.g2na.cn/up/update.asp?ve##########################################################
- DNS ASK sg#.g2na.cn