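Техническая информация
Ниже перечислены наблюдаемые признаки: запись автозапуска в ветке реестра Run, пути к файлам, сетевые адреса и запросы (включая DNS), классы и заголовки окон. Символы «#» в доменных именах и URL — маска, скрывающая часть символов, поэтому эти строки нельзя использовать для точного сопоставления в правилах обнаружения.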
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WebBuying' = '%PROGRAM_FILES%\Web Buying\v1.7.8\webbuying.exe'
- %PROGRAM_FILES%\Web Buying\v1.7.8\webbuying.exe
- <SYSTEM32>\regsvr32.exe
- <SYSTEM32>\qslwuyd.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\uni[1].html
- %PROGRAM_FILES%\Web Buying\v1.7.8\webbuying.exe
- %TEMP%\uf89.exe
- %PROGRAM_FILES%\Web Buying\v1.7.8\wbuninst.exe
- 'www.we###ying.net':80
- 'localhost':1038
- 'u.###buying.net':80
- www.we###ying.net/uni.html
- u.###buying.net/e/inst.php?d=####################################################################################
- DNS ASK www.we###ying.net
- DNS ASK u.###buying.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Tcloggerd' WindowName: 'loggerd'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'gamerockstar' WindowName: 'grsclass'
- ClassName: 'webbuying' WindowName: 'webbuying'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'SysOleClass' WindowName: 'DDE Server'