Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMWIDGET' = '%PROGRAM_FILES%\SMS1000\Widget\smwidgupdater.exe'
- %PROGRAM_FILES%\SMS1000\Widget\smwidgupdater.exe (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\upsetting[1].dat
- %WINDIR%\smwidgdeldll.exe
- C:\DelUS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\upsetting[1].dat
- %PROGRAM_FILES%\SMS1000\Widget\smwidgupdater.exe
- %PROGRAM_FILES%\SMS1000\Widget\smwidguninst.exe
- %PROGRAM_FILES%\SMS1000\Widget\smwidgdll.dll
- %PROGRAM_FILES%\SMS1000\Widget\smwidgalimi.exe
- 'do##.#eel2day.com':80
- 'up#.##s1000.co.kr':80
- up#.##s1000.co.kr/App/widget/smwidgdeldll.exe
- do##.#eel2day.com/widget/main/webmain/upsetting.dat
- up#.##s1000.co.kr/App/widget/upsetting.dat
- up#.##s1000.co.kr/App/widget/smwidgdll.dll
- up#.##s1000.co.kr/App/widget/smwidguninst.exe
- up#.##s1000.co.kr/App/widget/smwidgupdater.exe
- up#.##s1000.co.kr/App/widget/smwidgalimi.exe
- DNS ASK do##.#eel2day.com
- DNS ASK up#.##s1000.co.kr