Техническая информация
- '%PROGRAM_FILES%\pipi_nav_clean2.exe' /VERYSILENT /SP-
- '%PROGRAM_FILES%\pipi_nav_clean2.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://pc.##ima8.com/index.php?p=######################################################
- %TEMP%\nsy2.tmp\fct.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- %TEMP%\nsy2.tmp\KillProcDLL.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pipi_nav_clean2[1].exe
- %TEMP%\nsy2.tmp\inetc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pipi_nav_clean2[1].exe
- %PROGRAM_FILES%\pipi_nav_clean2.exe
- %TEMP%\nsy2.tmp\inetc.dll
- %TEMP%\nsy2.tmp\KillProcDLL.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pipi_nav_clean2[1].exe
- %TEMP%\nsy2.tmp\fct.dll
- 'pc.##ima8.com':80
- 'dl.#ipi.cn':80
- 'localhost':1037
- pc.##ima8.com/index.php?p=######################################################
- dl.#ipi.cn/pipi_nav_clean2.exe
- DNS ASK pc.##ima8.com
- DNS ASK dl.#ipi.cn
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'