Техническая информация
Автозапуск (ключ реестра Run, программа запускается при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SExpWan' = '"%PROGRAM_FILES%\WanSync\Client\SEWanClt.exe"'
Запускаемые команды (ключ /s у regsvr32 означает регистрацию DLL без вывода диалоговых окон):
- %PROGRAM_FILES%\WanSync\Client\SEWanClt.exe /i
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\SEIEBho.dll"
Файлы (по-видимому, создаваемые программой в системе):
- %PROGRAM_FILES%\WanSync\Client\SEIEBho.dll
- %PROGRAM_FILES%\WanSync\Client\SEWanClt.exe
- %WINDIR%\SEIEBho.dll
- %PROGRAM_FILES%\WanSync\Client\PREINS.BAT
- %PROGRAM_FILES%\WanSync\Client\Domains.dat
- %PROGRAM_FILES%\WanSync\Client\RServer.ini
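Сетевая активность: соединение с портом 80, HTTP-запрос и DNS-запрос (символы «#» в адресах, по-видимому, скрыты источником):
- 'www.ah##e.com':80
- www.ah##e.com/regip/gethost.asp?vi########################
- DNS ASK www.ah##e.com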
Окна (класс и заголовок), которые программа, по-видимому, ищет в системе:
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''