Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\data.dat'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sisisi-sisisisisins-glnsgo-pbkd-coamuqixalquvaac_kkdrea-pqlgvyihri-lamx_oazvdf-qpaw_bwsp-papf-vy[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\qjteitqu-kqcbkydfeyhe-oufa-qkjuqkkkuuqr-aldkddznxfjpyqusftaudfcubt_btmvuoehsrxsphlixtnmou-[1].php
- %APPDATA%\data.dat
- %APPDATA%\settings.ini
- 'ti##k.ru':80
- 'wk##s.net':80
- ti##k.ru/community/qjteitqu-kqcbkydfeyhe-oufa-qkjuqkkkuuqr-aldkddznxfjpyqusftaudfcubt_btmvuoehsrxsphlixtnmou-.php
- wk##s.net/forum/sisisi-sisisisisins-glnsgo-pbkd-coamuqixalquvaac_kkdrea-pqlgvyihri-lamx_oazvdf-qpaw_bwsp-papf-vy.php
- DNS ASK ti##k.ru
- DNS ASK wk##s.net