Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winhelp.exe' = '%APPDATA%\OWZCEN323F\winhelp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winhelp.exe' = '%APPDATA%\OWZCEN323F\\winhelp.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup Name' = '%ProgramFiles%\file.exe'
- '%APPDATA%\OWZCEN323F\winhelp.exe'
- '%APPDATA%\OWZCEN323F\winhelp.exe' <Full path to file>
- '%APPDATA%\OWZCEN323F\winhelp.exe'
- winhelp.exe
- %APPDATA%\OWZCEN323F\winhelp.exe
- %ProgramFiles%\file.exe
- %APPDATA%\OWZCEN323F\winhelp.exe
- 'bu##tz.tk':80
- http://bu##tz.tk/na/tasks.php
- DNS ASK bu##tz.tk