Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aNetbarClient' = 'c:\123\NetbarClient.exe'
- %TEMP%\BEQULISKSYFDEKXODWPF\svchost.exe -run
- C:\123\NetbarClient.exe
- C:\123\svchost.exe
- <SYSTEM32>\regsvr32.exe -s c:\123\IEBHO.DLL
- <SYSTEM32>\wbem\unsecapp.exe -Embedding
- <SYSTEM32>\cmd.exe /c ""c:\123\fch.bat" "
- <SYSTEM32>\regsvr32.exe -s <SYSTEM32>MSWINSCK.OCX
- %TEMP%\BEQULISKSYFDEKXODWPF\svchost.exe
- C:\123\IEBHO.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\show[1]
- C:\123\fch.bat
- C:\123\NetbarClient.exe
- C:\123\MSWINSCK.OCX
- C:\123\conf.ini
- C:\123\svchost.exe
- 'e.##w8.com':80
- 'localhost':1036
- '<IP-адрес в локальной сети>':9001
- e.##w8.com/show/
- DNS ASK e.##w8.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''