Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mcg64] 'ImagePath' = '%TEMP%\~McgLKZNT.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mcg2.8] 'ImagePath' = '%TEMP%\~McgGeIZ2.sys'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://yy####.blog.163.com/
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\yy2887.blog.163[1]
- %TEMP%\~McgGeIZ2.sys
- %TEMP%\~McgLKZNT.sys
- %TEMP%\1.tmp
- %TEMP%\~McgLKZNT.sys
- %TEMP%\~McgGeIZ2.sys
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\1.tmp
- %TEMP%\~McgGeIZ2.sys
- %TEMP%\~McgLKZNT.sys
- 'bn###.ys168.com':80
- 'yy####.blog.163.com':80
- 'localhost':1042
- 'localhost':1037
- '80##.cccpan.com':80
- http://yy####.blog.163.com/
- http://bn###.ys168.com/
- http://80##.cccpan.com/
- DNS ASK yy####.blog.163.com
- DNS ASK bn###.ys168.com
- DNS ASK 80##.cccpan.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''