Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinStart' = '%WINDIR%\System\WinStart.exe -boot'
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\rsp.dll
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\System\RSP.dll
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\System\BHO.DLL
- <SYSTEM32>\regsvr32.exe /u /s C:\WinIe\bho.dll
- <SYSTEM32>\regsvr32.exe /u /s %PROGRAM_FILES%\Internet Explorer\bho.dll
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\bho.dll
- %WINDIR%\system\RSP.dll
- C:\t2pg
- %WINDIR%\system\WinStart.exe
- %WINDIR%\system\BHO.DLL
- %TEMP%\bho.dll.dat
- %TEMP%\bho.dl_
- %TEMP%\rsp.dll.dat
- %TEMP%\rsp.dl_
- %TEMP%\rsp.dll.dat в %TEMP%\rsp.dll
- %TEMP%\bho.dll.dat в %TEMP%\bho.dll
- 'www.ig##net.com':80
- www.ig##net.com/downloads/confirmation.asp?v=########################################
- DNS ASK www.ig##net.com