Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vufmjwjwjylqhcpap' = '<SYSTEM32>\srv79.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\ovunkfwoxlSv] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k DcomSec
- %TEMP%\lse2.tmp
- <SYSTEM32>\svcovunkfw.dll
- C:\logbot.txt
- %TEMP%\lis1.tmp
- <SYSTEM32>\srv79.exe