Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TSVulFWMan' = '%ALLUSERSPROFILE%\Application Data\TSVulFWMan.exe /i 100d0'
- %ALLUSERSPROFILE%\Application Data\TSVulFWMan.exe /i 100d0
- C:\fyb917.exe
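- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\¶¬МмХХ.bmp (имя «¶¬МмХХ», по-видимому, — байты GBK B6 AC CC EC D5 D5, показанные в кодировке Windows-1251; в GBK они читаются как «冬天照», поэтому на системе с китайской локалью файл, вероятно, будет называться C:\冬天照.bmp. То же имя встречается ниже в путях к .lnk и .bmp)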
- %HOMEPATH%\Recent\¶¬МмХХ.lnk
- %ALLUSERSPROFILE%\Application Data\mydat.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getip[1].asp
- %HOMEPATH%\Recent\Local Disk (C).lnk
- %ALLUSERSPROFILE%\Application Data\readme.txt
- C:\¶¬МмХХ.bmp
- C:\fyb917.exe
- %ALLUSERSPROFILE%\Application Data\TSVulFW.dat
- %ALLUSERSPROFILE%\Application Data\TSVulFWMan.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getip[1].asp
- 'fy##.#hagua911.cn':80
- fy##.#hagua911.cn/fyb/getip.asp?us###################
- DNS ASK fy##.#hagua911.cn
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Class_tsvulfw_man_window_0' WindowName: 'Window_tsvulfw_man_window_0'
- ClassName: 'Shell_TrayWnd' WindowName: ''