Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%HOMEPATH%\Local Settings\History\drv.exe" -shell explorer.exe'
- C:\Documents and Settings\pdv.exe
- %HOMEPATH%\Local Settings\History\drv.exe
- C:\Documents and Settings\pdv.exe
- C:\Documents and Settings\ndb.dat
- %HOMEPATH%\Local Settings\History\drv_log.txt
- %HOMEPATH%\Local Settings\History\drv.exe
- 'lo###.via-net.org':80
- lo###.via-net.org/botnet/commands/
- DNS ASK lo###.via-net.org