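Техническая информация

Примечание: в этой копии утрачены подзаголовки разделов. Ниже по порядку идут: изменённое значение реестра, пути файлов и команда запуска, сетевые адреса и классы окон. Какое действие (создание, запуск, удаление и т. п.) относится к каждому пути, из списка не видно; повторы одних и тех же путей, по-видимому, остались от разных разделов.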
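- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,rundll32.exe "%PROGRAM_FILES%\dnf\zydxc0126.dll" Start,'
  (автозапуск: к штатному значению Userinit дописан вызов rundll32.exe, поэтому указанная DLL загружается при каждом входе пользователя в систему; при проверке системы в этом значении должен оставаться только путь к userinit.exe)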
- %WINDIR%\wgc.exe
- %WINDIR%\wg.exe
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\dnf\zydxc0126.dll" Start
- %PROGRAM_FILES%\dnf\zydxc0126.dll
- %PROGRAM_FILES%\dnf\shadowsafe.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Index[1].html
- %PROGRAM_FILES%\zydxc2.dat
- %WINDIR%\wg.exe
- %WINDIR%\wgc.exe
- %PROGRAM_FILES%\zydxc.dat
- %PROGRAM_FILES%\zydxc2.dat
- %PROGRAM_FILES%\zydxc.dat
- %WINDIR%\wgc.exe
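- 'ga####fe4.0fees.net':80 (часть имени домена замаскирована символами «####», поэтому для точного сопоставления с журналами DNS и прокси эта запись не годится; искать можно только по видимым фрагментам имени)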
- 'localhost':1037
- ga####fe4.0fees.net/Index.html
- DNS ASK ga####fe4.0fees.net
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''