Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Wlcomm32.exe' = '%HOMEPATH%'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svchost32.exe' = '%HOMEPATH%'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sidebar.exe' = '%HOMEPATH%'
- %HOMEPATH%\Wlcomm32.exe (downloaded from the Internet)
- %HOMEPATH%\Svchost32.exe (downloaded from the Internet)
- %HOMEPATH%\Sidebar32.exe (downloaded from the Internet)
- %HOMEPATH%\Svchost32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\Screencapture[1].ex
- %HOMEPATH%\Wlcomm32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Uploader[1].ex
- %HOMEPATH%\Sidebar32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Keylogger[1].ex
- 'sd#####.altervista.org':80
- sd#####.altervista.org/Screencapture.ex
- sd#####.altervista.org/Keylogger.ex
- sd#####.altervista.org/Uploader.ex
- DNS ASK sd#####.altervista.org