Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\tklyc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Win32SystemServices' = '%WINDIR%\tklyc.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ntrojan[1].html
- 'pc#####t.blogspot.com':80
- 'localhost':1035
- pc#####t.blogspot.com/2009/12/ntrojan.html
- DNS ASK pc#####t.blogspot.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''