Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\updates.exe'
- '%WINDIR%\updates.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\u[1].php
- %WINDIR%\updates.exe
- C:\postanovlenie.doc
- 'mi######twordupdates.biz':80
- mi######twordupdates.biz/u.php?id#########
- DNS ASK mi######twordupdates.biz
- ClassName: 'WordPadClass' WindowName: '(null)'