Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{98B42E5D-AB09-42c2-964E-E5CF9D515AC4}] 'Exec' = 'http://click.linkprice.com/click.php?m=auction&l=0000&a=A100328603'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC5DEB6F-670F-4aa1-9CDA-8C3AF8B79FA4}] 'Exec' = 'http://click.linkprice.com/click.php?m=gmarket&l=0000&a=A100328603'
- %APPDATA%\Favorite.exe
- <SYSTEM32>\cmd.exe /c \fivi.bat
- C:\fivi.bat
- %HOMEPATH%\Favorites\јоЗО ЅєЖ®ё®Ж®, 11№ш°Ў.url
- %HOMEPATH%\Favorites\ґзЅЕАМ ГЈґВ ёрµз ЅєЕёАП, їБјЗ.url
- %TEMP%\nsg2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- %TEMP%\nsg2.tmp\DLLWebCount.dll
- %HOMEPATH%\Favorites\µрѕШјҐ, ЅГБр 2.url
- %WINDIR%\11market.ico
- %APPDATA%\domain.txt
- %APPDATA%\Favorite.exe
- %HOMEPATH%\Favorites\»х·Оїо јј»уА» ї©ґВ №®, Gё¶ДП.url
- %WINDIR%\gmarket.ico
- %WINDIR%\auction.ico
- %TEMP%\nsg2.tmp\DLLWebCount.dll
- %TEMP%\nsg2.tmp\System.dll
- %APPDATA%\Favorite.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- 'www.en###-find.com':80
- www.en###-find.com/count/insert.php?pi###################
- DNS ASK www.en###-find.com