Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\3894221376] 'Name' = '"%TEMP%\3.tmp"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Security Solution' = '"%APPDATA%\Security Solution\Security Solution.exe" /STARTUP'
- %APPDATA%\Security Solution\securitymanager.exe
- %APPDATA%\Security Solution\Security Solution.exe
- <SYSTEM32>\spoolsv.exe
- %HOMEPATH%\Start Menu\Programs\Security Solution\Activate Security Solution.lnk
- %HOMEPATH%\Start Menu\Programs\Security Solution\How to Activate Security Solution.lnk
- %HOMEPATH%\Desktop\Security Solution.lnk
- %HOMEPATH%\Start Menu\Programs\Security Solution\Security Solution.lnk
- %TEMP%\2.tmp
- %WINDIR%\Temp\5.tmp
- %HOMEPATH%\Start Menu\Programs\Security Solution\Help Security Solution.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Security Solution.lnk
- %APPDATA%\Security Solution\IcoHelp.ico
- %APPDATA%\Security Solution\IcoUninstall.ico
- %TEMP%\_1.tmpac7d.exe
- %APPDATA%\Security Solution\IcoActivate.ico
- %APPDATA%\Security Solution\securityhelper.exe
- %HOMEPATH%\Start Menu\Programs\Security Solution.lnk
- %APPDATA%\Security Solution\Security Solution.exe
- %APPDATA%\Security Solution\securitymanager.exe
- <DRIVERS>\etc\hosts
- %WINDIR%\Temp\5.tmp
- %TEMP%\_1.tmpac7d.exe
- %TEMP%\3.tmp
- 'localhost':1042
- DNS ASK pr####rstwebsite.us
- DNS ASK 13######43.net-winhelp.com
- DNS ASK 13######37.net-winhelp.com
- ClassName: 'Indicator' WindowName: ''