Техническая информация
- [<HKLM>\SOFTWARE\Classes\S5.Document\shell\open\command] '' = 'C:\BALANO~1.EXE \dde'
- [<HKLM>\SOFTWARE\Classes\S5.Document\shell\open\command] '' = 'C:\coletor.exe /dde'
- 'C:\balanossa.exe'
- 'C:\coletor.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\gutu.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\protecao[1].gif
- <LS_APPDATA>\tmp.zip
- C:\coletor.exe
- C:\gutu.bat
- C:\balanossa.exe
- %TEMP%\~DF7DCA.tmp
- 'oz##ina.com':80
- oz##ina.com/protecao.gif
- DNS ASK oz##ina.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'