Техническая информация
- '%TEMP%\nsd3.tmp\ns5.tmp' \SoftwareUpdate.exe /uninstall
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome
- '<SYSTEM32>\sc.exe' stop "Software Updater Service"
- '%TEMP%\~nsuA.tmp\Un_A.exe' _?=<Текущая директория>\
- '%TEMP%\nsd3.tmp\ns4.tmp' sc stop "Software Updater Service"
- C:\end
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\logo[1].png
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\conversion[1].gif
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\uninstallation[1].php
- %TEMP%\nsd3.tmp\ShellExecAsUser.dll
- %TEMP%\nsd3.tmp\inetc.dll
- %TEMP%\nsd3.tmp\nsExec.dll
- %TEMP%\~nsuA.tmp\Un_A.exe
- %TEMP%\nsd3.tmp\ns4.tmp
- %TEMP%\nsd3.tmp\ns5.tmp
- %TEMP%\nsd3.tmp\nsProcess.dll
- %TEMP%\nsd3.tmp\nsExec.dll
- %TEMP%\nsd3.tmp\nsProcess.dll
- %TEMP%\nsd3.tmp\ShellExecAsUser.dll
- %TEMP%\nsd3.tmp\ns4.tmp
- %TEMP%\nsd3.tmp\ns5.tmp
- %TEMP%\nsd3.tmp\inetc.dll
- 'localhost':1040
- 'www.to##hape.me':80
- '74.##5.232.51':80
- 'y9###.voluumtrk.com':80
- http://www.to##hape.me/uninstallation.php?fr########
- http://y9###.voluumtrk.com/conversion.gif?ci######################
- http://www.google.com/images/logo.png via 74.##5.232.51
- DNS ASK www.to##hape.me
- DNS ASK y9###.voluumtrk.com
- DNS ASK www.google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''