Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{67D19E91-DD2D-411c-9B95-B282C998CE38}] 'Exec' = 'http://click.linkprice.com/click.php?m=auction&l=0000&a=A100328590'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B05BD897-8235-4bef-A4DD-D7E5CB86CCAF}] 'Exec' = 'http://click.linkprice.com/click.php?m=gmarket&l=0000&a=A100328590'
- %APPDATA%\Favorite.exe
- <SYSTEM32>\cmd.exe /c \fivi.bat
- C:\fivi.bat
- %HOMEPATH%\Favorites\јоЗО ЅєЖ®ё®Ж®, 11№ш°Ў.url
- %HOMEPATH%\Favorites\ґзЅЕАМ ГЈґВ ёрµз ЅєЕёАП, їБјЗ.url
- %TEMP%\nsc2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- %TEMP%\nsc2.tmp\DLLWebCount.dll
- %HOMEPATH%\Favorites\µрѕШјҐ, ЅГБр 2.url
- %WINDIR%\11market.ico
- %APPDATA%\domain.txt
- %APPDATA%\Favorite.exe
- %HOMEPATH%\Favorites\»х·Оїо јј»уА» ї©ґВ №®, Gё¶ДП.url
- %WINDIR%\gmarket.ico
- %WINDIR%\auction.ico
- %TEMP%\nsc2.tmp\DLLWebCount.dll
- %TEMP%\nsc2.tmp\System.dll
- %APPDATA%\Favorite.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- 'www.en###-find.com':80
- www.en###-find.com/count/insert.php?pi###################
- DNS ASK www.en###-find.com