Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\AltShell.dat'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\AltShell.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\edlucxlvslrtyhklap-qqzt-gwfh-tjcu-czchozefgbosecvj-wkkl-jnyr-uhihadplrpedsbpefhraswys-nzbp_vj[1].html
- %APPDATA%\AltShell.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zxkh_tbbxphjndjloiufvczkmldllmzfjrvflmaoxoq-lzxy-yssljgwelouo-kuft-zxfvjuiyao-tjssqvkvpzyx[1].php
- 'al##ar.biz':80
- 'al##ar.de':80
- al##ar.biz/forums/edlucxlvslrtyhklap-qqzt-gwfh-tjcu-czchozefgbosecvj-wkkl-jnyr-uhihadplrpedsbpefhraswys-nzbp_vj.html
- al##ar.de/community/zxkh_tbbxphjndjloiufvczkmldllmzfjrvflmaoxoq-lzxy-yssljgwelouo-kuft-zxfvjuiyao-tjssqvkvpzyx.php
- DNS ASK al##ar.biz
- DNS ASK al##ar.de