Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinLogon] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ahnurla] 'Start' = '00000002'
- '%WINDIR%\svchost.exe'
- '%WINDIR%\svchost.exe' -install
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop sharedaccess
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\services.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\olesau32.dll
- %WINDIR%\olesau32.dll
- %WINDIR%\svchost.exe
- %TEMP%\del2620b.bat
- <DRIVERS>\ahnurla.sys
- %WINDIR%\setupball.bmp
- %WINDIR%\version.dat
- %WINDIR%\wintmp.dat
- %WINDIR%\winurl.dat
- 'www.hu##an.net':80
- www.hu##an.net/hus/board.asp
- DNS ASK www.hu##an.net
- ClassName: 'Progman' WindowName: 'Program Manager'