Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\WinDC] 'Start' = '00000002'
- User Account Control (UAC)
- <SYSTEM32>\svchqst.exe
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- %WINDIR%\Temp\aut2.tmp
- %WINDIR%\Temp\fdsousq
- <SYSTEM32>\svchqst.exe
- %TEMP%\aut1.tmp
- %TEMP%\cswqnhe
- %WINDIR%\Temp\aut2.tmp
- %WINDIR%\Temp\fdsousq
- %TEMP%\aut1.tmp
- %TEMP%\cswqnhe
- '2o#.#ytes.net':80
- 2o#.#ytes.net/change/windc.php?ap###############################
- DNS ASK 2o#.#ytes.net