Техническая информация
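- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = '<REG_MULTI_SZ>' — в отчёте указан только тип значения (REG_MULTI_SZ), само содержимое параметра не приведено. Программы, перечисленные в BootExecute, запускаются диспетчером сеансов при загрузке системы, поэтому при проверке стоит сравнить значение со стандартным ('autocheck autochk *').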
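- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sidebr' = '"C:\Arquivos de programas\Sidebar\sidebr.exe" /i /s "C:\Arquivos de programas\Sidebar\sidebr.dll"' — запись в разделе Run: указанная команда выполняется при входе пользователя в систему. «Arquivos de programas» — португальское название каталога Program Files; путь, вероятно, зависит от локализации системы, поэтому при поиске надёжнее ориентироваться на имя параметра 'Sidebr' и имена файлов sidebr.exe и sidebr.dll.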
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' — нулевое значение EnableFirewall отключает брандмауэр Windows для стандартного профиля.
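- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '' — класс окна Process Monitor (Sysinternals); обращение к окнам этого и двух следующих классов, по-видимому, служит для обнаружения средств анализа.
- ClassName: 'RegMonClass' WindowName: '' — класс окна Regmon (Sysinternals).
- ClassName: 'FileMonClass' WindowName: '' — класс окна Filemon (Sysinternals).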
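- 'as#####ayfoot.nuxit.net':80 — соединение с узлом по TCP-порту 80 (часть имени узла в источнике скрыта символами #).
- http://as#####ayfoot.nuxit.net/modules/tinycontent/admin/spaw/infect.php — HTTP-запрос к этому адресу.
- DNS ASK as#####ayfoot.nuxit.net — DNS-запрос на разрешение имени того же узла.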
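- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent' — окно с классом 'NDDEAgnt' и заголовком 'NetDDE Agent'; по-видимому, это окно системного компонента Windows NetDDE. Зачем оно фигурирует в отчёте, из текста не ясно.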