Техническая информация
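- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inic' = '%WINDIR%\system\uydeysh.bat' (ключ автозапуска: указанный командный файл выполняется при каждом входе этого пользователя в систему)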
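- '%WINDIR%\system\xxxx.exe' x -hp102030 "%WINDIR%\system\uydeysh.rar" "%WINDIR%\system\" (судя по параметрам, xxxx.exe — консольный распаковщик RAR: команда x извлекает содержимое архива, ключ -hp передаёт пароль; защищённый паролем архив затрудняет проверку содержимого при загрузке)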
- '%WINDIR%\system\xxxx.exe' (загружен из сети Интернет)
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\system\uydeysh.dll",dlgProc
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\system\uydeysh.bat
- %WINDIR%\system\uydeysh.bat
- %WINDIR%\system\xxxx.exe
- %WINDIR%\system\uydeysh.rar
- %WINDIR%\system\uydeysh.rar
- %WINDIR%\system\xxxx.exe
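- 'sm###.uol.com.br':587 (порт 587 — стандартный порт отправки почты по SMTP; вероятно, соединение используется для исходящей почты)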
- 'im####ier.com.br':80
- http://im####ier.com.br/xxxx.rar
- http://im####ier.com.br/uydeysh.rar
- DNS ASK sm###.uol.com.br
- DNS ASK im####ier.com.br
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''