Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test33reg] 'Startup' = 'test33reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test33reg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\test33.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\tesF558.tmp
- %TEMP%\tes9B40.tmp
- %ALLUSERSPROFILE%\Documents\Settings\test33.dll
- 'as###########adwork.php?dfs=2&method=reg&tds=1':80
- as###########adwork.php?dfs=2&method=reg&tds=1
- DNS ASK as###########adwork.php?dfs=2&method=reg&tds=1
- DNS ASK microsoft.com