Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\iCount] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- '<LS_APPDATA>\KillAD.exe'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://is#n.cn/457514b.html
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""%PROGRAM_FILES%\Internet Explorer\iexplore.exe"" http://is#n.cn/457514b.html",0)(window.close) (второй аргумент 0 метода Run — окно запускается скрытым)
- '<SYSTEM32>\svchost.exe' -k netsvcs
- %WINDIR%\Temp\HostService.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\getver[1].asp
- %TEMP%\bt12018.bat
- <LS_APPDATA>\KillAD.exe
- %WINDIR%\Temp\HostService.dll
- %TEMP%\bt12018.bat
- <LS_APPDATA>\KillAD.exe
- %TEMP%\bt12018.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\getver[1].asp
- 'is#n.cn':80
- 'localhost':1038
- 'www.wd##t.cn':80
- is#n.cn/457514b.html
- www.wd##t.cn/getver.asp?qq####
- DNS ASK is#n.cn
- DNS ASK www.wd##t.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''