Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\skype.dat'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %APPDATA%\skype.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jzqrpf-xyawrkowpvea-dgpm-ndqspr-aucdrd-wpgk-blddvkouldezakxx-ohpm-gkru-rdeg-ofyj-kophrkihno-pprz[1].php
- %APPDATA%\skype.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ddongdqkkd-vttsor-ofpm_qcjlpi-eysiarriuu_auti_abldna-ykwb-ebii-ppkd-roft-tsddzjgalmmv-bahj-nqxt_gs[1].php
- 'eg##s.ru':80
- 'yl##t.net':80
- eg##s.ru/jzqrpf-xyawrkowpvea-dgpm-ndqspr-aucdrd-wpgk-blddvkouldezakxx-ohpm-gkru-rdeg-ofyj-kophrkihno-pprz.php
- yl##t.net/ddongdqkkd-vttsor-ofpm_qcjlpi-eysiarriuu_auti_abldna-ykwb-ebii-ppkd-roft-tsddzjgalmmv-bahj-nqxt_gs.php
- DNS ASK eg##s.ru
- DNS ASK yl##t.net