Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\illegalBlock] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %ALLUSERSPROFILE%\Application Data\smss\smss.exe (имя файла совпадает с системным процессом smss.exe, штатное расположение которого — <SYSTEM32>)
- %ALLUSERSPROFILE%\Application Data\smss\smss.exe (загружен из сети Интернет)
- %ALLUSERSPROFILE%\Application Data\smss\smss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gamelist[1].php
- %ALLUSERSPROFILE%\Application Data\~illegalblock.tmp
- <SYSTEM32>\wbem\Logs\wbemess.lo_
- %ALLUSERSPROFILE%\Application Data\~illegalblock.tmp
- '11#.#4.96.190':80
- 11#.#4.96.190/~attacker/zbManager.exe
- 11#.#4.96.190/~attacker/gamelist.php
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)