Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %TEMP%\IXP000.TMP\QQ4581~1.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sksgod_Settings[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\UpData[1].htm
- %TEMP%\IXP000.TMP\QQ4581~1.EXE
- <SYSTEM32>\atmlib_b.dll
- 'us##a.us':80
- us##a.us/Down/sksgod_Settings.xml
- us##a.us/UpData.php?ac############
- DNS ASK us##a.us
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''