Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\msuwegd] 'ImagePath' = '<SYSTEM32>\exp1orer.exe -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\msuwegd] 'Start' = '00000002'
- '<SYSTEM32>\net1.exe' stop msuwegd
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\addr[1].gif
- <SYSTEM32>\exp1orer.exe
- <SYSTEM32>\usid.dat
- 'www.tw##sk.net':80
- http://www.tw##sk.net/img/addr.gif
- DNS ASK www.tw##sk.net