Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcRemote] 'Start' = '00000002'
- <SYSTEM32>\SVCHOTS.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\_deleteme.bat
- ekrn.exe
- <SYSTEM32>\SSDT.sys
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- <SYSTEM32>\_deleteme.bat
- <Current directory>\SSDT.sys
- C:\SVCHOTS.TMP
- <SYSTEM32>\SSDT.sys
- <Current directory>\SSDT.sys
- 'wpad.localdomain':80
- 'sz###.3322.org':80
- 'mo####.doctorout.com':80
- mo####.doctorout.com/counter.asp?UI#########################
- wpad.localdomain/wpad.dat
- mo####.doctorout.com/url.gif
- sz###.3322.org/1.gif
- DNS ASK wpad.localdomain
- DNS ASK sz###.3322.org
- DNS ASK mo####.doctorout.com