Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%WINDIR%\svchost.exe'
- %TEMP%\WinIP.txt
- %TEMP%\tdost.a3x
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tdost[1].a3x
- 'go#######mthe.googlecode.com':80
- go#######mthe.googlecode.com/files/tdost.a3x
- DNS ASK go#######mthe.googlecode.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'