Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ctwopop] 'Start' = '00000002'
- '%PROGRAM_FILES%\ctpop\ctpop.exe'
- '%PROGRAM_FILES%\ctpop\ctpopsvc.exe'
- '%PROGRAM_FILES%\ctpop\ctpopsvc.exe' i
- '<SYSTEM32>\cmd.exe' /c \DelUS.bat
- %TEMP%\nsk2.tmp\SelfDelete.dll
- C:\DelUS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\database[1].dat
- %PROGRAM_FILES%\ctpop\ctpop.exe
- %PROGRAM_FILES%\ctpop\ctpopsvc.exe
- %PROGRAM_FILES%\ctpop\uninst.exe
- %TEMP%\nsk2.tmp\SelfDelete.dll
- 'yu####04.cafe24.com':80
- yu####04.cafe24.com/database.dat
- DNS ASK yu####04.cafe24.com