Technical information
- '<SYSTEM32>\vspmf.exe'
- '%TEMP%\Messenger\setup.exe' llly
- '<SYSTEM32>\net1.exe' start MONITORWMIDE
- '<SYSTEM32>\regsvr32.exe' "%TEMP%\Messenger\ThunderSafe.dll" /s
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gt[1].asp
- <SYSTEM32>\mssrcid.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gt[1].asp
- <SYSTEM32>\adorder.ini
- %TEMP%\Messenger\sysmain.dat
- %TEMP%\Messenger\ccfapi321.dll
- %TEMP%\Messenger\ccfapi32.dll
- %TEMP%\Messenger\setup.exe
- %TEMP%\Messenger\nvsys.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gt[1].asp
- %TEMP%\Messenger\sysmain.dat to <SYSTEM32>\vspmf.exe
- %TEMP%\Messenger\nvsys.ini to <SYSTEM32>\wtqng.ini
- 'www.09##gg.cn':80
- www.09##gg.cn/page/gt.asp?ve#############################################################################################
- www.09##gg.cn/page/gt.asp?ve#################################
- DNS ASK www.09##gg.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'