Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ftn2ksv' = '<SYSTEM32>\ftn2ksv.exe'
- <SYSTEM32>\ftn2ksv.exe
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\reg[1].php
- <DRIVERS>\ftnet2k.sys
- <SYSTEM32>\ftn2ksv.exe
- 'www.ol##erv.com':80
- www.ol##erv.com/prx/reg.php?id####################
- DNS ASK www.ol##erv.com