Техническая информация
Ниже приведён перечень действий, зафиксированных при анализе образца: создаваемые ключи реестра, файлы во временных каталогах, запускаемые команды, сетевая активность и имена классов окон (ClassName). На что стоит обратить внимание при реагировании: закрепление через ключ Run (HKLM) и регистрация провайдера печати (Print\Providers\tdl) с путём во временном каталоге — провайдеры печати загружаются процессом spoolsv.exe, запуск которого также зафиксирован; остановка и отключение служб «Security Center» (wscsvc) и «Windows Firewall/Internet Connection Sharing (ICS)» (SharedAccess) через net.exe и sc.exe, предположительно из пакетного файла C:\tujserrew.bat, запускаемого через cmd.exe /c; снижение настроек безопасности зоны Интернет в Internet Explorer (Zones\3: параметры 1400, 1601 и currentlevel установлены в 0); обращения по HTTP (порт 80) к двум доменам, включая серию запросов к сценариям *.php с параметром ad…. Имена доменов и значения параметров запросов в отчёте частично скрыты символами «#», поэтому как индикаторы компрометации их следует использовать с осторожностью.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ewrgetuj' = '%TEMP%\geurge.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\tdl] 'Name' = '%TEMP%\5.tmp'
- %TEMP%\vigtq.exe
- %TEMP%\nsmaaujr.exe
- %TEMP%\pfckb.exe
- %TEMP%\mhlhgpac.exe
- %TEMP%\tdvvjeva.exe
- %TEMP%\lbri.exe
- %TEMP%\ddci.exe
- %TEMP%\vhkv.exe
- %TEMP%\wsofx.exe
- %TEMP%\-1998166001
- %TEMP%\nst3.tmp\Gi.exe
- %TEMP%\geurge.exe
- %TEMP%\nst3.tmp\ic9.exe
- %TEMP%\nst3.tmp\EuroP.exe
- %TEMP%\mrdkhn.exe
- %TEMP%\nst3.tmp\e4u.exe
- %TEMP%\nllmkyh.exe
- %TEMP%\ddci.exe (загружен из сети Интернет)
- %TEMP%\tdvvjeva.exe (загружен из сети Интернет)
- %TEMP%\nsmaaujr.exe (загружен из сети Интернет)
- %TEMP%\vhkv.exe (загружен из сети Интернет)
- %TEMP%\mhlhgpac.exe (загружен из сети Интернет)
- %TEMP%\-1998166001 (загружен из сети Интернет)
- %TEMP%\nllmkyh.exe (загружен из сети Интернет)
- %TEMP%\mrdkhn.exe (загружен из сети Интернет)
- %TEMP%\wsofx.exe (загружен из сети Интернет)
- %TEMP%\lbri.exe (загружен из сети Интернет)
- %TEMP%\vigtq.exe (загружен из сети Интернет)
- %TEMP%\pfckb.exe (загружен из сети Интернет)
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\cmd.exe /c ""C:\tujserrew.bat""
- <SYSTEM32>\net1.exe stop "Windows Firewall/Internet Connection Sharing (ICS)
- <SYSTEM32>\sc.exe config SharedAccess start= DISABLED
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\sc.exe config wscsvc start= DISABLED
- <SYSTEM32>\net.exe stop "Windows Firewall/Internet Connection Sharing (ICS)
- <SYSTEM32>\spoolsv.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'currentlevel' = '00000000'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hyfahpxiq[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fwevpovto[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wzdcjrp[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\oriqbjdp[1].php
- %TEMP%\ddci.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\fjnvpk[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fjnvpk[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gnemtrzxsn[1].php
- %TEMP%\wsofx.exe
- %TEMP%\lbri.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\yptozgozmu[1].php
- %TEMP%\vhkv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hypwhc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\fwelcx[1].php
- %TEMP%\nsmaaujr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hypwhc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\rvqxfn[1].php
- %TEMP%\tdvvjeva.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\oriqbjdp[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\yptozgozmu[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\kkemu[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\fwelcx[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\wzdcjrp[1].php
- %WINDIR%\Temp\6.tmp
- %TEMP%\geurge.exe
- %TEMP%\nllmkyh.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\imwaic[1].php
- %TEMP%\4.tmp
- %TEMP%\nst3.tmp\e4u.exe
- %TEMP%\nsd2.tmp
- %TEMP%\nst3.tmp\ic9.exe
- %TEMP%\nst3.tmp\Gi.exe
- %TEMP%\nst3.tmp\EuroP.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\rvqxfn[1].php
- %TEMP%\vigtq.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fwevpovto[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gnemtrzxsn[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\imwaic[1].php
- %TEMP%\mhlhgpac.exe
- %TEMP%\pfckb.exe
- C:\tujserrew.bat
- %TEMP%\mrdkhn.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hyfahpxiq[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\kkemu[1].php
- %TEMP%\-1998166001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\yptozgozmu[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\oriqbjdp[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fwevpovto[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hyfahpxiq[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\kkemu[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hypwhc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\rvqxfn[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wzdcjrp[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\fwelcx[1].php
- %TEMP%\nst3.tmp\EuroP.exe
- %TEMP%\nst3.tmp\Gi.exe
- %TEMP%\5.tmp
- %TEMP%\nst3.tmp\e4u.exe
- %WINDIR%\Temp\6.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gnemtrzxsn[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fjnvpk[1].php
- %TEMP%\~DFCF65.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\imwaic[1].php
- %TEMP%\nst3.tmp\ic9.exe в %TEMP%\7.tmp
- %TEMP%\4.tmp в %TEMP%\5.tmp
- 'ab####gnostic.com':80
- 'mo####rtsworld.com':80
- ab####gnostic.com/ufwnltbz/oriqbjdp.php?ad########
- ab####gnostic.com/ufwnltbz/wzdcjrp.php?ad########
- ab####gnostic.com/ufwnltbz/yptozgozmu.php?ad########
- ab####gnostic.com/ufwnltbz/txrzxs.php?ad#################################################
- ab####gnostic.com/ufwnltbz/hypwhc.php?ad########
- ab####gnostic.com/ufwnltbz/fwelcx.php?ad########
- ab####gnostic.com/ufwnltbz/fjnvpk.php?ad########
- ab####gnostic.com/ufwnltbz/hyfahpxiq.php?ad########
- ab####gnostic.com/ufwnltbz/rvqxfn.php?ad########
- ab####gnostic.com/ufwnltbz/imwaic.php?ad########
- ab####gnostic.com/ufwnltbz/gnemtrzxsn.php?ad########
- ab####gnostic.com/ufwnltbz/fwevpovto.php?ad########
- ab####gnostic.com/ufwnltbz/kkemu.php?ad########
- DNS ASK co####.perfectexe.com
- DNS ASK ab####gnostic.com
- DNS ASK mo####rtsworld.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''