Техническая информация
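- Автозапуск через оболочку Winlogon: [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\AltShell.dat' (при входе пользователя вместе с explorer.exe запускается %APPDATA%\AltShell.dat; при проверке системы стоит обращать внимание на любое значение 'shell' в этой ветке, отличное от 'explorer.exe')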
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
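Файлы в профиле пользователя (имена файлов в кэше Internet Explorer совпадают с URL из приведённых ниже сетевых запросов; имена подкаталогов Content.IE5 генерируются случайно и на другой системе будут иными, поэтому искать следует по имени файла, а не по полному пути):
- %APPDATA%\AltShell.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\dygbedlucxlvsl-rtlb-roryyclzlpeq-mvfq-nmuubxchrnaqqoijbc-xalv-bpzn_ttyo_dkfg-yuqv-mtju-yhzy-gzsl-[1].html
- %APPDATA%\AltShell.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ld-koryfaydpdoxtgfjirpiwkblgzmeefryysklkmqxjuuygwxwaftawj-hanz-oxyshaijfh_wipu_ttmn_lmmj_ns[1].php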
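Сетевая активность (имена доменов приведены в замаскированном виде: часть символов заменена на ##).
Подключения к узлам, порт 80:
- 'al##ar.biz':80
- 'al##ar.de':80
HTTP-запросы:
- al##ar.biz/forums/dygbedlucxlvsl-rtlb-roryyclzlpeq-mvfq-nmuubxchrnaqqoijbc-xalv-bpzn_ttyo_dkfg-yuqv-mtju-yhzy-gzsl-.html
- al##ar.de/forum/ld-koryfaydpdoxtgfjirpiwkblgzmeefryysklkmqxjuuygwxwaftawj-hanz-oxyshaijfh_wipu_ttmn_lmmj_ns.php
DNS-запросы:
- DNS ASK al##ar.biz
- DNS ASK al##ar.de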