Техническая информация
- Автозапуск через ключ реестра Run (раздел HKLM, действует для всех пользователей): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tostpop.exe' = '%PROGRAM_FILES%\tostpop\tostpop.exe'
- %PROGRAM_FILES%\tostpop\tostpop.exe
- %PROGRAM_FILES%\tostpop\tostpop.exe (загружен из сети Интернет)
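- <SYSTEM32>\schtasks.exe /create /sc onlogon /tn "window tostpop" /tr "\"%PROGRAM_FILES%\tostpop\tostpop.exe"\" /rl highest (создаёт задачу планировщика «window tostpop», которая запускает tostpop.exe при входе пользователя в систему с наивысшим уровнем прав; при очистке системы задачу нужно удалять вместе с записью в ключе Run)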
- %PROGRAM_FILES%\tostpop\tostpop_uninstall.exe
- %PROGRAM_FILES%\tostpop\tostpop.exe
- 'to##pop.com':80
- 'na##r.com':80
- to##pop.com/pgm/tostpop_uninstall.exe
- to##pop.com/c.php?m=################################
- to##pop.com/pgm/tostpop.exe
- na##r.com/
- to##pop.com/program.php
- DNS ASK to##pop.com
- DNS ASK na##r.com
- ClassName: 'MS_WINHELP' WindowName: ''