Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'supdate2.dll' = 'RUNDLL32.EXE <SYSTEM32>\supdate2.dll,Run'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'supdate2.dll' = 'REGSVR32.EXE /s <SYSTEM32>\supdate2.dll'
- <SYSTEM32>\supdate2.dll
- %TEMP%\s29100.dll
- %TEMP%\nsu2.tmp
- %TEMP%\s29100.dll
- 'tb.##gou.com':80
- tb.##gou.com/sh/reg.gif?s=###############################################
- DNS ASK tb.##gou.com