Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\skype.dat'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %APPDATA%\skype.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cjynspgbnnrpfaaubtcajxdugnuxko-rdip_pzst-ytqrlzigmp-bwxoybksfzcjacsiauione_vppqoupmsdjx-nf[1].php
- %APPDATA%\skype.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qpnhllnwam_rdmynsebkyoufaptcglz-tmdw-wkiiif-fqxcvkbhxtye-nekd-cbnl-nbsyzvksnoda-xxva_xpfcgjri[1].php
- 'eg##s.ru':80
- 'yl##t.net':80
- eg##s.ru/cjynspgbnnrpfaaubtcajxdugnuxko-rdip_pzst-ytqrlzigmp-bwxoybksfzcjacsiauione_vppqoupmsdjx-nf.php
- yl##t.net/qpnhllnwam_rdmynsebkyoufaptcglz-tmdw-wkiiif-fqxcvkbhxtye-nekd-cbnl-nbsyzvksnoda-xxva_xpfcgjri.php
- DNS ASK eg##s.ru
- DNS ASK yl##t.net