Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'baroband' = '%PROGRAM_FILES%\BRG Search Helper\webupdate.exe'
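- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'baroband' = '%PROGRAM_FILES%\BRG Search Helper\webupate.exe' (имя файла здесь отличается от 'webupdate.exe' в остальных записях; вероятно, это опечатка в самой программе или в отчёте, поэтому при проверке автозапуска стоит искать оба варианта)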
- '<SYSTEM32>\regsvr32.exe'
- '<SYSTEM32>\regsvr32.exe' /s /c "%PROGRAM_FILES%\BRG Search Helper\baroband.dll"
- %PROGRAM_FILES%\BRG Search Helper\uninstaller.exe
- %PROGRAM_FILES%\BRG Search Helper\webupdate.exe
- %TEMP%\RGI1.tmp
- %PROGRAM_FILES%\BRG Search Helper\barobandi.ocx
- %TEMP%\baroband.zip
- %PROGRAM_FILES%\BRG Search Helper\info.dat
- %PROGRAM_FILES%\BRG Search Helper\baroband.dll
- %TEMP%\RGI1.tmp
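- 'ba####.barogo.com':80 (символы '#', по-видимому, маскируют часть имени узла и параметров запроса; при поиске по журналам DNS и прокси ориентируйтесь на домен barogo.com и путь /baroband/log.php)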
- ba####.barogo.com/baroband/log.php?pg#####################################################################################################################################################################################################
- DNS ASK ba####.barogo.com
- ClassName: 'baroband Update' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''