Техническая информация
- %WINDIR%\Tasks\ms.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Mdlea] 'ImagePath' = '<SYSTEM32>\688d.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mdlea] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\363o.dll"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\363o.dll"
- '<SYSTEM32>\688d.exe' -i
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\1dl3.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\efc6.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\38fr.dll"
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}]
- %TEMP%\h8gi24o8\_uninstall
- %TEMP%\h8gi24o8\s.exe
- %TEMP%\h8gi24o8\s.exe.tmp
- %TEMP%\h8gi24o8\4.dll
- %TEMP%\h8gi24o8\3.dll
- %TEMP%\h8gi24o8\2.dll
- %TEMP%\h8gi24o8\p.dll.zgx
- %TEMP%\h8gi24o8\b.dll.zgx
- %TEMP%\h8gi24o8\b.dll.zgx.tmp
- %TEMP%\h8gi24o8\z.lz
- %TEMP%\h8gi24o8\p.dll.zgx.tmp
- %TEMP%\h8gi24o8\msn.exe
- %TEMP%\h8gi24o8\msn.exe.tmp
- %TEMP%\h8gi24o8\p.dll.zgx.tmp
- %TEMP%\h8gi24o8\s.exe.tmp
- %TEMP%\h8gi24o8\b.dll.zgx.tmp
- %TEMP%\h8gi24o8\msn.exe.tmp
- %TEMP%\h8gi24o8\3.dll в %WINDIR%\33bd.exe
- %TEMP%\h8gi24o8\b.dll в <SYSTEM32>\363o.dll
- %TEMP%\h8gi24o8\4.dll в %WINDIR%\033d.flv
- %TEMP%\h8gi24o8\s.exe в <SYSTEM32>\688d.exe
- %TEMP%\h8gi24o8\p.dll.zgx в %TEMP%\h8gi24o8\p.dll
- %TEMP%\h8gi24o8\b.dll.zgx в %TEMP%\h8gi24o8\b.dll
- %TEMP%\h8gi24o8\2.dll в %WINDIR%\3b7u.bmp
- %TEMP%\h8gi24o8\p.dll в <SYSTEM32>\3fde.dll