Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cobato' = '%PROGRAM_FILES%\cobato\cbtup.exe'
- %PROGRAM_FILES%\cobato\cbtup.exe (downloaded from the Internet)
- %PROGRAM_FILES%\cobato\cbtdl.dll
- %WINDIR%\cbtad.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\upsetting[1].dat
- %PROGRAM_FILES%\cobato\cbtal.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\i_cbt[1].php
- %PROGRAM_FILES%\cobato\cbtdel.exe
- %PROGRAM_FILES%\cobato\cbtup.exe
- 'do##.cobato.com':80
- do##.cobato.com/main/webmain/cbtdl.dll
- do##.cobato.com/main/webmain/cbtad.exe
- do##.cobato.com/main/webmain/upsetting.dat
- do##.cobato.com/main/webmain/cbtal.exe
- do##.cobato.com/cbt/i_cbt.php?&p#################################
- do##.cobato.com/main/webmain/cbtdel.exe
- do##.cobato.com/main/webmain/cbtup.exe
- DNS ASK do##.cobato.com