Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsMs NT Process Services' = '"%WINDIR%\windowshostservice.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsMs NT Process Host Service' = '"%WINDIR%\system\winlogon.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsMs NT Process Services' = '"%WINDIR%\windowshostservice.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsMs NT Process Host Service' = '"%WINDIR%\system\winlogon.exe"'
- <Текущая директория>\windowsmssystem.sys
- %TEMP%\~DFC815.tmp
- '67.##5.160.76':5001
- DNS ASK vc#.##.#ip.dcn.yahoo.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Indicator' WindowName: ''