Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe %WINDIR%\web\svchost.exe'
- %WINDIR%\pchealth\svchost.exe
- %WINDIR%\Web\svchost.exe
- %WINDIR%\pchealth\svchost.exe
- %WINDIR%\Web\svchost.exe
- %TEMP%\~DF253A.tmp
- %TEMP%\~DF1B51.tmp
- 'ri####lv.8800.org':80
- DNS ASK ri####lv.8800.org