Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Print Spooler (Spooler)] 'Start' = '00000002'
- %PROGRAM_FILES%\ProtectService\ProtectService.exe
- <SYSTEM32>\cmd.exe /c c:\prot.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\protector080908[1]
- C:\prot.bat
- 'localhost':1037
- 'pr####tor080908.com':80
- pr####tor080908.com/
- DNS ASK pr####tor080908.com