Техническая информация
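- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nplog3' = 'rundll32 %APPDATA%\nplog.log,rdl' (автозапуск при входе в систему: rundll32 вызывает экспорт rdl из файла nplog.log, то есть файл с расширением .log загружается как DLL)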
- '%APPDATA%\shopbacon.exe'
- '<SYSTEM32>\rundll32.exe' %APPDATA%\nplog.log,rdl
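- %HOMEPATH%\Favorites\Gё¶ДП.url (имя записано так, как байты CP949 выглядят в Windows-1251; те же байты в CP949 читаются как «G마켓.url»)
- %HOMEPATH%\Desktop\Gё¶ДП.url (в CP949 — «G마켓.url»)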
- %WINDIR%\gmarket.ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\aution[1].ico
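- %HOMEPATH%\Favorites\їБјЗ.url (имя записано так, как байты CP949 выглядят в Windows-1251; те же байты в CP949 читаются как «옥션.url»)
- %HOMEPATH%\Desktop\їБјЗ.url (в CP949 — «옥션.url»)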
- %WINDIR%\aution.ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gmarket[1].ico
- %APPDATA%\shopbacon.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\11st[1].ico
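- %HOMEPATH%\Favorites\11№ш°Ў.url (имя записано так, как байты CP949 выглядят в Windows-1251; те же байты в CP949 читаются как «11번가.url»)
- %HOMEPATH%\Desktop\11№ш°Ў.url (в CP949 — «11번가.url»)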
- %WINDIR%\11st.ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gmarket[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\aution[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\11st[1].ico
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
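- 'ba####.funtvi.kr':80 (символы «#» здесь и ниже — по-видимому, маска, скрывающая часть имени: в DNS-именах «#» недопустим, поэтому для поиска по журналам надёжнее использовать суффикс домена funtvi.kr)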
- 'md###.funtvi.kr':80
- 'localhost':1036
- md###.funtvi.kr/bacon/aution.ico
- ba####.funtvi.kr/action.php?pa####################
- md###.funtvi.kr/bacon/11st.ico
- md###.funtvi.kr/bacon/gmarket.ico
- DNS ASK ba####.funtvi.kr
- DNS ASK md###.funtvi.kr
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'